Compliance Obligations are defined by ISO as “legal requirements that an organization has to comply with and other requirements that an organization has to or chooses to comply with”. A note to that definition further states: “Compliance obligations can arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships, codes of practice and agreements with community groups or non-governmental organizations.”
External Obligations are obligations that your organization receives from governing bodies, such as regulators, standards bodies and international organizations. These obligations can be mandatory (e.g. government regulations) or voluntary (e.g. industry best practices). Because they change over time, it is important to stay up to date with your external obligations.
Internal Obligations are obligations that your organization has imposed on itself, either voluntarily or through an agreement with a third party. In contrast to External Obligations, which are imposed by a third party (e.g. a government), Internal Obligations are generated through the activities you engage in. Examples include corporate policies, environmental permits, contracts, stakeholder engagements and other agreements you have chosen to adopt.