Therefore, when we say that an organization is in compliance, or complying, we are saying that they are following all of the rules and guidelines set before them by creating and implementing a compliance program that outlines and documents specific controls in the form of policies, standards, and procedures β and most importantly auditing or attesting that they are following those policies, standards, and procedures.