Which concept refers to adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation used in adherence.

Compliance is about conforming to mandates, whether they come from laws, regulations, contracts, or internal policies. It covers both the actions taken to meet those requirements and the artifacts that prove those actions were carried out, such as policies, procedures, audit trails, attestations, and other documentation. For example, putting in place controls and processes to satisfy a regulatory obligation and maintaining records that auditors can review demonstrates compliance in practice. This differs from confidentiality, which focuses on protecting information from unauthorized disclosure, from a control as a safeguard itself, and from a data custodian, which is a role responsible for data handling rather than the overall obligation to adhere to mandates.