CHAPTER 11: EVALUATING COMPLIANCE IN THE CLOUD
Compliance from a definitions perspective would be defined as ‘conforming to a rule, such as a specification, policy, standard or law’ – these are typically external to the organisation.
In many real-world situations and environments, the above definition is often expanded, and tends to include additional operational risks and additional regulations, thereby extending the notion ‘compliance’ to other operational risk assessments and other frameworks or internal processes.
Compliance can be across any number of business units, functions or departments with a varying degree of requirements, measurement or frequency for assessment and adherence.
Regulations have grown in breadth ...