What It Means to Be Compliant

Visual representation of online exclusive security and compliance measures for enhanced digital protection.

Author: Tom Schneider, CISA, CCSP, CISSP, PCIP
Date Published: 8 October 2025
Read Time: 11 minutes

A common phrase in IT security is, “Compliance does not equal security.” The statement implies that because an organization can be hacked even if it is compliant with a cybersecurity framework or regulation, then compliance is essentially useless. Of course, if the test of compliance is to guarantee that an organization cannot be the victim of a cyberattack, then “security” does not equal security, either....

Members, login to keep reading.

Not a member but want to read more?
Explore ISACA member benefits today.

Additional resources

Several people looking intently at computer screens

Career Journey

IT Compliance

Demonstrates adherence to mandated or contractual requirements.

Security Article

Beyond NIST: Why Compliance Standards Fall Short in the PCN World

For most organizations, aligning with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) feels like a logical choice.

11 September 2025

Blog Post

Beyond the Checklist: Embedding Ethical AI Principles in Your Third-Party Compliance Assessments

As artificial intelligence increasingly is embedded into companies' products and services, ethical implementations must be treated as a foundational requirement.