A guide to compliance terminology

Compliance terminology is used in many different organizational settings and for many different reasons. If you have ever wondered what the difference between a policy and a procedure is, then read on!

Compliance terminology definitions

Policy: A policy is a plan or course of action adopted or pursued by an organization, government, or individual. It is a statement of intent that guides the decision-making and actions of the entity that adopts it. Policies can be formal, written documents that outline specific actions to be taken or behaviors to be followed; or they can be more informal guidelines that are understood by members of the organization. Policies are often put in place to achieve specific goals or to ensure compliance with laws and regulations. They can be broad in scope, covering a wide range of activities. Alternatively, they can be narrow and specific to a particular issue or area of concern.

Procedure: A procedure is a series of steps taken in order to achieve a particular end. It can be a set of instructions for carrying out a task, or a plan of action for solving a problem. Procedures can be formal, with specific steps that must be followed in a particular order. Alternatively, they can be informal, with a more flexible approach to achieving the desired outcome. Procedures can be used in a variety of contexts, including business, science, and everyday life.

Process: A process details the steps or tasks that need to be completed in order to accomplish something. It can relate, for example, to the creation of a product, the provision of a service, or the completion of a project. A process should include details of who is responsible for completing it, the tasks that should be performed, and when it should be completed.

Standard operating procedure (SOP): An SOP is a document that outlines the steps that are required to complete a particular process. SOPs are used in many different industries to ensure that work is done in a consistent and efficient manner. They can be used to document procedures for anything from manufacturing processes to customer service protocols. SOPs can help to improve the quality of work, reduce errors, and increase efficiency by providing clear and detailed instructions for completing tasks.

Types of compliance

There are many different types of compliance, and not all of them may be relevant to your organization. The list below includes many common types, but it is not exhaustive; there are others!

Anti-bribery: This refers to laws and regulations that prohibit offering, giving, soliciting, or accepting bribes.

Anti-money laundering (AML): These laws and regulations seek to prevent the proceeds of criminal activities from being laundered, or disguised as legitimate funds, through financial institutions.

Data protection: This refers to the laws and regulations that aim to protect the privacy and security of personal data. Examples are the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Export control: These laws and regulations regulate the export of goods, technology, and services to other countries. They are sometimes needed for national security or economic reasons.

Fair lending: This refers to laws and regulations that prohibit discrimination in lending on the basis of race, ethnicity, religion, gender, and other protected characteristics.

Financial reporting: This refers to the requirement for companies to accurately and transparently disclose their financial performance and position to stakeholders, such as shareholders and regulators.

Healthcare compliance: This refers to the laws and regulations that govern the healthcare industry. An example is HIPAA (the Health Insurance Portability and Accountability Act) in the US, which protects the privacy of patients' personal and medical information.

Sanctions: These are economic, financial, or trade measures imposed by governments or international organizations to punish countries or individuals for misconduct. They may be imposed for violating human rights or supporting terrorism.

Securities laws: These are laws and regulations that govern the buying, selling, and trading of securities, such as stocks and bonds, in order to protect investors and maintain fair and orderly financial markets.

Tax compliance: This refers to the laws and regulations that require individuals and businesses to pay their fair share of taxes, and to accurately report and pay those taxes to the appropriate authorities.

The Open Compliance and Ethics Group (OCEG) was founded in 2002 and quickly became the leading authority on compliance, ethics, risk management, governance and more. They have taken GRC management to a whole new level and offer training and other resources that we highly recommend. For more information please visit their website: OCEG - The Ultimate Resource for Governance, Risk and Compliance (GRC)