Time-to-Compliance (TtC) is a metric that measures the duration it takes for an organization to fully meet a specific regulatory requirement, industry standard, or internal policy.

In the context of business, especially in cybersecurity and regulatory fields, it often refers to:

• The time from the moment a new regulation or standard is announced or takes effect until the organization has all necessary systems, controls, and documentation in place to be certified as fully compliant.
• The time it takes to fix a compliance gap, that is, the period from when an audit or assessment identifies a control failure or violation until that issue is completely remediated.

Key takeaway: The goal for most organizations is to reduce their Time-to-Compliance (or Mean Time to Compliance - MTTC), as a shorter timeframe typically indicates a more agile, efficient, and robust compliance program, which reduces the risk of fines, legal penalties, and reputational damage.