Regulatory compliance is a business requirement driven by the need to perform regulated tasks like accepting credit cards as payment, conducting health care activities, running energy production facilities, and more. In contrast, security is driven by the need to protect an organization’s assets from constant threat.

Both activities often deal with security controls, but regulatory compliance is only assessed periodically through an audit. At the end of the audit an organization is granted an “Authority to Operate” wherein they can begin or continue the regulated activity.