Based on the business and IT strategy and the policies and practices embodied within the IT management system, guidelines and a framework for Compliance Management have to be developed.

The tasks in this activity include:

• Determining the requirements for the way compliance management process will be consistent with the overall business compliance approach
• Establishing the framework for Compliance Management by defining and implementing practices, procedures, and systems that support process activities
• Defining the strategy for Compliance Management tools and capabilities, and how they should be sourced. For instance, should they be developed in-house or rely more on vendor capabilities
• Defining evaluation criteria for Compliance Management solutions and services
• Determining skill requirements for the staff and assigning staff based on these systems

Finally, the structure and process of Compliance Management, including escalation responsibilities, have to be communicated to the process users.

The establishment of the process framework also includes the continuous improvement of Compliance Management. For example, the consideration of the Compliance Management process evaluation and the implementation of recommended improvement actions.