Conformity (compliance) refers to adherence to all relevant legal, regulatory, contractual, and internal requirements. In an ISMS context this includes data protection laws (GDPR), industry-specific regulations, contractual obligations to customers, and the requirements of ISO 27001 itself. ISO 27001 clause 9.1 requires conformity monitoring. You need a process that regularly verifies whether your ISMS meets all applicable requirements. In practice this includes internal audits, management reviews, and an up-to-date legal register. Deviations are documented as nonconformities and addressed through corrective actions.