Many discussions either start or end with regulatory compliance. Heres an interesting white paper on Microsoft's approach to regulatory compliance as implemented by Microsoft IT.

Excerpt: "The purpose of this white paper is to share some of the processes and tools that the Microsoft Information Technology (Microsoft IT) group currently uses to systemize the approach of supporting regulatory compliance activities at Microsoft. This paper assumes that readers are business and technical decision makers already familiar with IT organization processes, operations, and controls. This paper is based on Microsoft IT’s experience and recommendations and is not intended to serve as a procedural guide. Each enterprise environment has unique circumstances; therefore, each organization should adapt the plans and lessons learned described in this paper to meet its specific needs."

Heres the link: