ISO17799, BS 7799

ISO17799 Compliance

In the information security standards arena, 'compliance' is a carefully chosen word. It means checking the situation against the standard, usually ISO17799. It does NOT mean certification, which is an audited, certified status.

Quite often, compliance is seen as the forerunner to certification. It is sometimes viewed as "getting one's house in order" prior to the next step. It isn't actually quite that simple, but the idea is there.

There are various tools to assist and record compliance checking. However, many people simply use a spreadsheet. All approaches, though, work reasonably well with a standard such as 17799, which has many yes/no/not-applicable clauses.



ISO17799 Solutions
