This article provides an overview and summary of the COBIT 5 process Compliance with External Requirements, which is part of the Management – Monitor (Monitor, Evaluate, Assess) domain.

The purpose of this COBIT process is to evaluate whether IT and organisational processes comply with external laws, regulations and contractual obligations.

The following sub-governance processes are further supported by a list of control activities:

  1. Identify external compliance requirements. Continually identify and monitor for changes in local and international laws, regulations and other external requirements that must be complied with.
  2. Optimise response to external requirements. Update policies, standards, procedures and methodologies to ensure that legal, regulatory and contractual requirements are addressed and communicated.
  3. Confirm external compliance. Confirm compliance of policies, standards, procedures and methodologies with legal, regulatory and contractual requirements.
  4. Obtain assurance of external compliance. Obtain and report assurance of compliance with and adherence to policies, standards, procedures and methodologies.

For more information please contact Morland-Austin at