Compliance Management promotes compliance to standards and regulations for which there is a recognized business need.  For the IT organization, there must be an understanding of the risks involved in noncompliance. There should also be a gap analysis to determine the distance between the current situation and compliance.  There may be a significant gap, which would involve a significant change in the IT culture to change that gap. 

Typically, to bring an IT organization into compliance with a standard or regulation, a program will be initiated to achieve compliance.  To measure the progress of an IT organization in complying with a standard or regulation, a maturity model is often used. 

A formal measurement of the degree of compliance is typically performed by an audit.