Legal compliance with respect to the architecture of IT consists of policies and procedures that ensure the organization is operating in a way that follows the letter and intent of laws that have jurisdiction over the organization’s operations. These laws can be very broad at times and can usually be satisfied by diligently following security best practices. However, many aspects of these laws also require a design and actions that do not provide real security at all and only serve as a type of security theater. Nevertheless, they must be strictly adhered to in order to reduce the risk of legal proceedings that may damage a company or even drive it out of business.

You can think of many of these laws, in terms of architecture, as the style rules of an HOA. They may try to give a neighborhood a certain style, but they serve no structural or functional purpose for a house. However, if you do not abide by them, you will have hateful neighbors at best, and at worst you will have a lien put on your house.

Legal counsel may not fully understand the application of these laws, so it is within your purview to become familiar with them, if they apply to you, and to make sure that your organization is stringently following them.