Compliance

Compliance means conforming to external mandates (laws, regulations, contracts like PCI DSS) and internal policy. The critical exam point: compliance is the floor, not the ceiling — an organization can pass every audit and still be insecure, because frameworks lag real threats. Continuous control monitoring lowers the cost and pain of point-in-time audits and keeps the gap between “compliant” and “secure” small.