Skip to main content

Compliance management

Short Description

Compliance management is the process that is run by (or on behalf of) a specific party for the purpose of managing its compliance objectives.

In its core, compliance management is a management process like any other. It can be set apart because the actors that do the work will need to have knowledge about the relevant laws, policies and regulations (for regulatory compliance), and/or relevant standards such as ISO 9001 or ISO 27001 (for certification), or other relevant rules, requirements and other normative frameworks.

Part of compliance management is to determine the compliance objectives that state which entities are in scope, and what the normative frameworks are that each of them must comply with. Compliance with a normative framework is typically established by an (independent) auditor, that uses an assessment framework to evaluate the extent to which the party complies with the requirements of the normative framework.


The purpose of having compliance-management set apart from the more generic management is that it often requires the involvement of people or third party organizations that have appropriate legal and/or regulatory knowledge that is not required in other kinds of management processes.


A compliance management process (of a party) is a management-process that is run by (or on behalf of) that party, where the objectives that are managed pursue the state of affairs in which specific entities that the party controls (which can also be that party itself) comply with a specified set of requirements.