More often than not organizations structure their internal security framework based almost exclusively upon regulatory and business compliance drivers. Through the discussions and drivers that are occurring in the security community as well as the cross-pollination into the business community, security compliance framework is changing direction. This talk will guide the audience though a history of regulatory compliance focusing on SAS70’s, ISO 2700x, PCI-DSS, HIPAA, SOX, and GLBA. Through this historic analysis, we will extract the known trends and forecast where the future is taking the security compliance landscape.