On a regular trip by Michael Howard's blog I saw the following - he highlighted a new white paper on compliance for developers, which is definitely worth a read.

His blog is located here: http://blogs.msdn.com/michael_howard/default.aspx 

Regulatory Compliance Demystified: An Introduction to Compliance for Developers

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/regcompliance_demystified.asp