Process: A71 - Compliance Management
Purpose

The purpose of the Compliance Management process is to ensure adherence to laws and regulations, internal policies, procedures, and stakeholder commitments.

Description

Read the Compliance Management Key Concepts.

Outcomes

As a result of successful implementation of this process:

  • Regulatory, audit, and other internal compliance is ensured and demonstrated
  • Legal liabilities and related productivity losses resulting from any compliance breach are avoided
  • The reputation and brand value of the businesses that IT serves are protected

Scope

Integrity (sound operating) and compliance as an outcome across all of the IT endeavor's undertakings.

Includes

  • Consideration of internal and external regulations, standards and legal obligations impacting the business where they could require IT support. For example:
    • Privacy regulations
    • Laws such as Sarbanes-Oxley
    • Industry standards and guidelines such as ISO/IEC 17799, COSO and COBIT®
  • Specification of compliance controls needed within IT services and solutions and also within other IT processes
  • Internal and external audit readiness preparations
  • Compliance audits

Excludes

  • Setting internal policies (IT Governance and Management System Framework)
  • Modification to IT services and solutions to establish compliance controls (through Realization and Deployment categories)
  • Modification to other IT processes (through IT Governance and Management System categories)
  • Operation of the defined compliance controls within the transactions of the IT endeavor. This responsibility becomes part of the activity of each relevant IT process

Key performance indicators

  • Pass internal audits while adhering to compliance regulations
  • Number of standards followed
  • Audit rating
  • Percent of standards objectives in noncompliance
  • Number of noncompliant issues
  • Number of service improvement plans to address compliance

Further reading

In addition, see the IBM® Service Management Web page.

Properties
Event Driven
Multiple Occurrences
Ongoing: Yes
Optional
Planned
Repeatable: Yes