In the first three chapters, we provided a framework for understanding Information Management and for identifying and managing business records. In this chapter we begin to explore the core concept of the book, Information Management Compliance (IMC).
Although the term compliance is most often associated with the legal world, understanding it solely as a legal term is too narrow. In a broader context, and in the context used in this book, compliance simply means to act in accordance with any accepted standard or criteria. The "accepted standard" can refer to any kind of criteria, including business goals, performance measurements, laws, regulations, or quality targets.
In a general sense, there are two basic elements to compliance, namely:
Determining what the criteria should be
Developing techniques (often called controls) to ensure that the criteria are followed
Compliance is also a specific discipline that is practiced within dedicated departments in many regulated organizations around the world. These departments focus on ensuring that the organization complies with laws, regulations, codes, and other sources of compliance criteria. According to the International Compliance Association, organizational compliance departments have five key functions:
To identify the risks that an organization faces and provide guidance on the identified risks.
To design and implement controls to protect an organization from those ...