Regulatory compliance is the degree to which an organization that is subject to particular security rules and policies meets the requirements outlined in them.
These rules and policies ("regulations") may be imposed by governments, industry membership organizations, or purpose-specific departments or bodies within a larger umbrella organization.
When information systems meet the outlined requirements, they are said to be "compliant." When they don't, they are "not in compliance." Compliance is generally assessed through a formal evaluation and auditing procedure of some kind.
The term "regulatory compliance" may also refer to the work of implementing systems and processes to achieve compliance with the regulations to which an organization is subject.