Compliance is a broad concept; it is neither software nor a checklist, but it also includes those tools.
What do you have to consider to comply with COMPLIANCE?
Who is responsible for complying with COMPLIANCE?
When do you (your organization) have to comply with COMPLIANCE?
Where do you (your organization) have to comply?
How can we comply?
Yes, it is optional to comply, but when you start you cannot drop out and say (as when we were children) "... I do not want to play anymore...."
Policies, codes, standards, laws and constitutions have been designed to be complied with, even if we do not like them. It is the way that society has a reference to keep running in the best way, and organizations too.
So at this moment ISO is trying to set up a Technical Committee to deal with this issue (as they have done with Governance & Risk), so a scheme for GRC is in motion, at least internationally.
Do you think that each country should draw its own documents (codes / standards)?
roberto sanchez, RCDD