How do you architect for regulatory compliance?

I know this is a hot topic for IT managers. In a recent poll of CIOs, it ranks number one and even ahead of security. So now the question, are there models you can study to gain greater insight and provide you with some really usable guidelines?

Here is a great white paper that does just that. I found it really useful since it provides the processes and tools that the Microsoft Information Technology Group uses to “systemize the approach of supporting regulatory compliance.” And, “this approach uses a framework of common security controls, unique tools for monitoring, and IT tools for tracking and reporting compliance.”

It is worth the read to gain deeper insights.

Thank you,
Stephen Ibaraki