A compliance requirement is any formal statement that affects how the organization operates and how its personnel behave.

Your set of requirements will typically include:

  • Statutes and regulations applicable to your industry and jurisdiction
  • Commercial requirements that you must meet to continue trading, such as professional standards or listing rules
  • Standards such as ISO 14001 or ISO 9001, that you choose to comply with as a matter of principle or as a marketing necessity
  • Any other formal standards or requirements that the Board chooses to impose

Don’t try to include every conceivable obligation. The concern is only with those that specifically constrain the organization’s activities, or with which your personnel should be familiar.


Create a compliance requirement page for each requirement. This page serves as the starting point for implementing and substantiating the organization’s compliance with the requirement.

  1. Interpret the requirement in relation to the organization’s activities. Statutes and standards are necessarily written to apply to organizations and activities in general. The task here is to relate the generality of the requirement to the specifics of the organization’s actual activities. 
  2. Create a schedule of compliance items. These are the elements of the requirement that call for some action from the organization. For some requirements (like ISO standards) this might be all the clauses of the standard. For statutes and regulations there are usually just a few clauses or sections that are relevant.
  3. Link each schedule element to the policy and procedure pages through which the organization achieves compliance.