Microsoft has published a Regulatory Compliance Planning Guide
which maps processes to the key regulatory obligations of a business
and then suggests Microsoft technology (of course) for performing those
processes.
It identifies the key processes as follows:
• Document Management
• Business Process Management
• Project Management
• Risk Assessment
• Change Management
• Network Security
• Host Control
• Malicious Software Prevention
• Application Security
• Messaging and Collaboration
• Data Classification and Protection
• Identity Management
• Authentication, Authorization, and Access Control
• Training
• Physical Security
• Vulnerability Identification
• Monitoring and Reporting
• Disaster Recovery and Failover
• Incident Management and Trouble-Tracking
Even though it refers to US laws and uses only Microsoft resources and
products, this is a useful framework for IT managers and compliance officers.