Compliance Checklist

A compliance checklist for ongoing regulatory monitoring. Covers data protection, security, HR, operational, and audit-readiness areas for any business.

5 sections 34 items

Checklist preview

Data Protection & Privacy 8 items
  • Privacy policy is published and up to date
  • Data processing activities are documented (ROPA)
  • Lawful basis for each data processing activity is identified
  • Data subject rights process is in place (access, erasure, portability)
  • Cookie consent is implemented and compliant
  • Data retention policy is defined and enforced
  • Third-party data processors have signed DPAs
  • Data breach response procedure is documented and tested
Information Security 7 items
  • Access control policy is in place and enforced
  • Multi-factor authentication enabled for critical systems
  • Software and systems patched to current versions
  • Security awareness training completed by all staff
  • Penetration test or vulnerability scan completed in last 12 months
  • Incident response plan is documented and tested
  • Data backup and recovery tested successfully
HR & Employment 7 items
  • Employment contracts are up to date and signed
  • Right-to-work checks completed for all employees
  • Equal opportunity and anti-discrimination policies in place
  • Mandatory HR compliance training completed
  • Performance review process documented and followed
  • Disciplinary and grievance procedures are published
  • Health and safety risk assessments are current
Operational & Financial 6 items
  • Business licenses and registrations are current
  • Tax filings are up to date
  • Anti-bribery and corruption policy is in place
  • Conflicts of interest policy is signed by relevant staff
  • Insurance coverage is current and adequate
  • Financial controls and approval authorities documented
Audit Readiness 6 items
  • All policies are version-controlled and accessible
  • Evidence of compliance activities is retained and organized
  • Previous audit findings have been remediated
  • Internal audit schedule is defined
  • Compliance responsibilities are assigned to named owners
  • Board or management reporting on compliance status is current

A compliance checklist turns regulatory obligations into a repeatable review process. Instead of scrambling before an audit or relying on one person’s knowledge of what needs to be in place, you run the same structured check on a regular cadence — and keep a dated record of what was verified.

This checklist covers the five areas that appear in most regulatory compliance frameworks: data protection, information security, HR and employment, operational and financial controls, and audit readiness.

Who uses this compliance checklist

Compliance officers and risk managers running periodic regulatory compliance reviews. Operations managers responsible for keeping the business audit-ready. HR teams working through the HR section for employment law obligations. IT managers covering the information security side: access controls, patching, security training. Small business owners managing compliance without a dedicated compliance function.

How to run it

Open CheckRun in your browser, select this template, and start a run at the start of each compliance review cycle — quarterly, semi-annually, or ahead of an audit. Work through each section with the relevant department owner. Mark Fail on any item that is out of date or missing, and add a comment with what needs to be remediated.

Each run saves with a timestamp. Run this checklist on the same schedule and you build a compliance history — useful evidence during audits or due diligence reviews.

Adapting this business compliance checklist

  • Add an industry-specific section for regulated sectors: financial services (FCA, AML), healthcare (HIPAA), or e-commerce (PCI DSS)
  • Add a GDPR compliance checklist section if operating in the EU: lawful basis documented per processing activity, DPO appointed if required, cross-border transfer mechanisms in place
  • Add a statutory compliance checklist for your jurisdiction: company secretarial filings, annual returns, director obligations
  • Trim to Data Protection and Audit Readiness sections for a lightweight quarterly check
  • Use alongside the Due Diligence Checklist when onboarding vendors who must meet your compliance standards

Compliance checklist vs compliance audit

A compliance checklist is a self-assessment tool — you review your own status against known obligations. A compliance audit is an independent verification by a third party. The checklist prepares you for the audit: if everything on the checklist passes, you are in a strong position going into external review.