A compliance-level is a measure for stating how well a entity conforms with a stated (set of) requirement(s).
Compliance-levels can be expressed in many forms, such as
- one of the first letters of 'Low', 'Medium', or 'High';
- a digit in the interval [1-n], where n is usually 4, 5 or 9;
- a combination of digits (indicating the expected impact) and letters (indicating the assessed likelihood);
- a color, e.g. one of 'green', 'yellow' and/or 'orange, 'red';
- a combination of character representation (appealing to the conscious mind of the reader) and a color (appealing to its unconscious mind)
Compliance levels can be used in the compliance management process of a party to indicate where work is required in order to realize that party's compliance objectives.
In order to be meaningful, every party that uses compliance levels must assign them a specific meaning such that when they appear e.g. in that party's compliance dashboard, the party can adequately determine the kind(s) of work that need to be done, prioritize that work, assign it, set deadlines, etcetera, in order to become compliant.
Also, parties should specify the assessment framework(s) that auditors should use for determining the compliance levels.
The purpose of compliance-levels is help parties determine and prioritize the work they need to do in order to become compliant.
- is a measure of some kind (e.g. 'Low', 'Medium', 'High', or a digit in some integer interval, or similar);
- signifies a statement about how well an entity conforms with a stated (set of) requirement(s);
- is associated with a party that uses it to indicate where work is required in order to become compliant;
- can be the result of assessing the conformance of an entity with the stated (set of) requirement(s).