I am often asked, “What is the difference between compliance and security?” My first answer is, “They are not the same.” The most common misconception is that there is no difference between compliance and security. In truth, they each play very different roles.

The Meaning of Security and Compliance

Compliance: (1a) the act or process of complying to a desire, demand, proposal, or regimen or to coercion. (1b) conformity in fulfilling official requirements. (2) a disposition to yield to others.

Security: (1) the quality or state of being secure. (4a) something that secures : protection. (4b1) measures taken to guard against espionage or sabotage, crime, attack, or escape. (4b2) an organization or department whose task is security.

Compliance does not equal security. It is simply a snapshot of how your security program meets a specific set of security requirements at any given moment. It means that you meet a technical or non-technical requirement at the time someone has verified it. For example, as part of compliance, you have to have a lock on the file cabinet in your office. You have the lock, so you are compliant. Security would be making sure you actually LOCK the lock. Being compliant does not mean you are secure. The two do, however, go hand in hand.

Compliance is much more than being compliant in your medical practice. There are requirements you need to comply with for travel, jobs, laws, etc. Anything that has rules and protocols will most likely involve compliance.

Security, on the other hand, is being secure: taking the measures and following the guidelines to be safe at all times. You may be compliant because you have an alarm system, but you are not secure if you don’t activate it when you leave. Security has its own set of guidelines and standards. For more information, visit the National Institute of Standards and Technology.



Difference between compliance and security – June, 2016