Compliance teams then validate these controls, systems, tools, and processes are functioning as designed by focusing on the regulatory requirements or frameworks for protecting company data. The ultimate goal is to manage risk through the oversight and adherence to regulations, laws, guidelines, specifications, frameworks, and policies to ensure companies are compliant with the minimum security-related requirements.