Security vs Compliance. What is the difference? I am often asked the question “are we in compliance?” As your IT provider, I would not know the answer to that. I would know if your out of HIPAA compliance due to lack of antivirus or antispyware, but I would not have a way of knowing if you are “out of compliance”. There is definitely a large difference in security and compliance.

Security vs Compliance

Simply put, security consists of data protection. At Tier3MD, we can help meet your security and cybersecurity needs by providing antivirus, antispyware, patch management, etc. We can also provide other security measures at a much lower cost than if you were to go out and get some protection yourself. These items include DNS protection, system monitoring and VPN services. We can also support your switches and firewalls. Having security should be a number one priority with your network. No network should be without a firewall, antivirus, antispyware, patch management and 24/7 remote monitoring. That is the advantage of a managed service provider.

Compliance in a nutshell is basically the documentation to support the laws. For example, the Government has standards called NIST. Following the NIST framework can help get you in compliance. There are different standards for different industries. Compliance works hand in hand with security but they are two very different things.

In a Nutshell


  • Is practiced for its own sake, not to satisfy a third party’s needs
  • Is driven by the need to protect against constant threats to your practice’s network
  • Is never truly finished and should be continuously maintained and improved. It really is never ending!


  • Is practiced to satisfy external requirements and facilitate the practices operations
  • Is driven by business needs rather than technical needs
  • Is “done” when the third party is satisfied, but should be reviewed on a yearly basis