A compliance document register ensures that the organization maintains oversight and traceability of all documents required to meet regulatory, legal, and service-related obligations. The register is essential for audits, governance, risk management, and operational continuity. According to EPI’s GRC framework, the minimum categories that must be included arelegalandservicecompliance documents.
Legal documents include regulatory requirements, statutory obligations, contracts, permits, safety regulations, environmental compliance mandates, and jurisdictional requirements. Service documents include SLAs, OLAs, underpinning contracts, service catalogs, and operational procedures required to fulfill service commitments. These categories represent the core compliance landscape affecting the organization’s ability to operate legally and deliver services contractually.
Options B, C, and D list other organizational elements that may appear in broader documentation sets but arenot fundamental compliance categories. Marketing, budgeting, staffing policies, and business culture documents do not constitute mandatory compliance obligations and are not required for inclusion in a compliance register.
Thus, the correct answer isA – Legal and service.
