Measuring compliance is very important, but difficult to achieve. One of the most difficult issues with compliance is precisely how to measure it as the determination is very subjective. There are different types of compliance.
For us, compliance itself is not necessarily a simple concept – compliance or non-compliance. Rather, it is important to differentiate between different types of compliance or non-compliance. For example, one strand of research on regulatory compliance argues that organisations might comply with the letter of the law without complying with its spirit, or they might comply with its spirit but genuinely disagree about what the letter of the law requires. People here identify the existence of “creative compliance” (compliance with the letter of the law but not its spirit) versus “non-compliance”.
There is no such thing as absolute compliance.
An interesting article on the topic is Nielsen & Parker (2006), “Is it possible to measure compliance“, paper presented at the “Frontiers of Regulation: Assessing Scholarly Debates and Policy Challenges” conference, University of Bath, September 7-8 2006.
Using our IT Legal Framework is one way to measure compliance.