Compliance is the state of realization of a set of conformance criteria or normative framework of a party, where
- a 'normative framework' is a set of related requirements that need to be complemented with a set of conformance criteria in order to be actually testable;
- a 'conformance criteria' is an (actually testable) requirement or condition that must be satisfied to claim conformance (compliance), and
Since parties are autonomous in deciding what normative frameworks and/or conformance criteria they want to comply with, we postulate that they own compliance objectives, i.e. objectives that aim to realize compliance with a selected set of conformance criteria and/or normative frameworks.

Parties can state their compliance objectives in various ways, e.g. by stating that
- the products it manufactures or uses must comply with their specifications, EU safety regulations, etc.;
- the processes that it runs must comply with standards such as ISO 9001 or ISO 27001;
- the laws and regulations of the country in which the party is established must be complied with.
We use the term compliance management to refer to the management process that a party runs for the purpose of realizing its compliance objectives - in other words: to become and remain compliant (with the conformance criteria and/or normative frameworks they selected).
Compliance with a set of conformance criteria or a normative framework is typically asserted by a party, and may be attested to by an (independent) auditor.
The purpose of compliance (being compliant, or in the process of becoming compliant) is that it may help to mitigate risks, e.g. of being fined for being non-compliant. Also, it may help to provide opportunities; for example, being compliant with the ISO 9001 management requirements is often required for organizations in order to qualify for becoming a supplier.