What It Means to Be Compliant

Author: Tom Schneider, CISA, CCSP, CISSP, PCIP
Date Published: 8 October 2025
Read Time: 11 minutes

A common phrase in IT security is, “Compliance does not equal security.” The statement implies that because an organization can be hacked even if it is compliant with a cybersecurity framework or regulation, then compliance is essentially useless. Of course, if the test of compliance is to guarantee that an organization cannot be the victim of a cyberattack, then “security” does not equal security, either....

 
