What is compliance as a service

Compliance Management

Aim: ITIL Compliance Management ensures that IT services, processes and systems comply with company guidelines and legal requirements.

German name: Compliance Management

Part of: Service Design

Process owner: Compliance Manager


Process description

Compliance management is not on the official list of ITIL 2011 processes or ITIL 4 practices - but compliance issues are considered in different ITIL processes, and compliance is an increasingly important aspect for IT organizations.

So there is a lot to be said for defining and implementing a compliance management process, and at IT Process Maps we therefore decided to introduce our own compliance management process in the ITIL® Process Map. This clearly defines the responsibility for compliance issues.

ITIL does not provide detailed descriptions of all aspects of compliance management. Instead, ITIL provides an overview of the most important activities and helps determine the interfaces with the other service management processes.

Due to the introduction of design coordination in ITIL 2011, the data flows have changed slightly. The overview diagram for Compliance Management illustrates the most important interfaces of the ITIL process (see Fig. 1).



No sub-processes are specified within ITIL Compliance Management.



The following ITIL terms and acronyms (information objects) are used in ITIL Compliance Management to represent the process outputs and inputs:


Compliance register

  • The compliance register is a tool used by compliance management that provides an overview of all conformity requirements for the IT organization as well as the precautions for their enforcement.

Compliance review

  • The results of regular evaluations of process and system conformity are documented in the compliance review. In particular, the identified deviations from the conformity requirements as well as measures to correct them are recorded.

Company guidelines

  • A set of rules and guidelines that are mandatory for the company. These guidelines are an important input for the compliance management process.


Roles | Responsibilities

Compliance Manager - Process Owner

  • The compliance manager is responsible for ensuring that the applicable standards and guidelines are followed. Above all, he ensures compliance with company-specific procedures and external legal regulations.




[1] A: Accountable according to the RACI model: Responsible for ensuring that ITIL Compliance Management as an overall process is carried out correctly and completely.

[2] R: Responsible according to the RACI model: Responsible for the execution of certain tasks in ITIL Compliance Management.



From: Stefan Kempter, IT process maps.

