Microsoft has published a Regulatory Compliance Planning Guide
which maps processes to the key regulatory obligations of a business
and then suggests Microsoft technology (of course) for performing those
processes.

It identifies the key processes as follows:
•    Document Management
•    Business Process Management
•    Project Management
•    Risk Assessment
•    Change Management
•    Network Security
•    Host Control
•    Malicious Software Prevention
•    Application Security
•    Messaging and Collaboration
•    Data Classification and Protection
•    Identity Management
•    Authentication, Authorization, and Access Control
•    Training
•    Physical Security
•    Vulnerability Identification
•    Monitoring and Reporting
•    Disaster Recovery and Failover
•    Incident Management and Trouble-Tracking

Even
though it refers to US laws and uses Microsoft resources and products
only this is a useful framework for IT managers and compliance officers.