One way to view compliance policies is grouping them into mandatory and voluntary policies. Mandatory are those dictated by law. Voluntary are those the organization has imposed to futher business objectives and manage risk.
Thanks to Carole Switzer, President of OCEG for this perspective.