Compliance or regulatory compliance is a term used across industries to describe rules and policies that prohibit or regulate specific products, services, or processes. Often legally binding and enforced by government agencies, compliance standards are federal, state, and municipal regulations that restrict the way organizations conduct business.
First established to protect consumers and the environment, compliance standards create responsibility for organizations that sometimes induce added expenses. Not complying could be even more costly when the consequences are financial penalties, court costs, suspension of services, and more.
Compliance standards are agreed-upon mandates by a governing body, often representative of a nation-state’s population or industry. Before and after adopting a standard, companies sometimes take advantage of the change by marketing their product or service as compliant. For example, before seat belts were required components of a car, auto manufacturers could market their vehicles as safer.
Where Do Compliance Standards Apply?
- Data encryption
- Data storage
- Environmental ops
- Financial records
- Food and drinks
- Health records
- Payment cards
- Security systems
- Technology specs
Examples of compliance standards
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) mandates data protection and data privacy for consumer data across the economies of the EU. Foundational to global data regulation, the GDPR applies to all organizations recording, controlling, or processing the personal data of EU citizens. In addition, the legislation includes several provisions that protect consumers, such as transparency in data collection, access to stored personal data, and the right to erasure.
Read more about how the landmark EU regulation works via GDPR Compliance for Mobile Apps 2021.
California Consumer Privacy Act (CCPA)
The CCPA includes the right of California residents to opt out of data collection, financial remediation rights for data breaches, and guidelines for security practices. Applicable to any organization with gross revenue over $25 million, handling the personal data of 50,000 or more consumers, or earning half its annual income through personal data sales, the California Consumer Privacy Act (CCPA) is the closest U.S. standard to the GDPR.
Payment Card Industry Data Security Standard (PCI-DSS)
Organizations managing credit and debit cards are highly regulated to ensure the security of consumer financial data. Set by the PCI Security Standards Council, the PCI standard ensures companies maintain an active cybersecurity stack capable of preserving data integrity and protecting personally identifiable information.
National Institute of Standards and Technology (NIST) Standards
Housed in the U.S. Department of Commerce, the National Institute of Standards and Technology (NIST) has been a standards leader for American companies since 1901. While NIST is not a regulatory agency, its published standards serve as benchmarks across industries. Examples of NIST standards cover information security, manufacturing, Internet of Things (IoT) devices, federal patents, and more.
Pure Food and Drug Act of 1906
In 1906, the Pure Food and Drug Act became the first law to regulate the integrity of food and drugs sold publicly to consumers. The resulting Food and Drug Administration (FDA) established an infrastructure for inspecting and banning goods, along with regulations governing the sale and distribution of addictive substances like tobacco and alcohol.
The EPA, Clean Air and Water, and Toxic Waste
A series of bills and executive orders between 1969 and 1976 established compliance standards relating to environmental protections for all public and private American organizations. These steps included creating the Environmental Protection Agency (EPA), mandating environmental quality reporting, and prohibiting pollution.
Sarbanes-Oxley (SOX) Act
For corporate America, the Sarbanes-Oxley Act expanded accountability for white-collar crime by requiring independent auditing, attributing fraud to corporate officers, and more.
Health Insurance Portability and Accountability Act (HIPAA)
What is compliance software?
Compliance software, also known as governance, risk, and compliance (GRC) software, is a standalone security software program or a suite of applications designed to ensure organizations meet all compliance standards that apply to their company. According to Grand View Research, the enterprise GRC market combined was $35.1 billion in 2020.
Compliance Software Vendors
- Google Cloud Platform
- Process Street