Introduction

The second subunit will focus on the introduction of the concept of compliance. In general terms, compliance means that a company adheres to the applicable rules and laws. This includes both country-specific laws and requirements from the regulatory authorities, as well as internal company directives. Key aspects of compliance are outlined. After the introduction, specific meaning in the ICT field has been defined, with some useful examples. Then the main advantages derived by the adoption of ISMS are explained as steps toward a compliance-based approach.

Learners achieve a better understanding of compliance as a set of applicable rules also in the risk management process, taking into account what the organization’s advantages deriving from certification.

The materials needed are:

• Articles reporting rule for compliance in various sectors
• Examples of compliance applications in ICT.