The Journey to the Cloud enables organizations to realize the benefits of virtualization and address compliance requirements in a more secure and efficient manner. One very compelling argument for organizations migrating mission critical applications to VMware vSphere is the ability to address compliance concerns. Using best practices, an organization's compliance policy is a combination of corporate governance, industry and governmental regulations and mandated standards (SOX, PCI, HIPAA/HITEC, etc). A successful Compliance strategy is an outcome enabled by operationalizing policy via the automation of technical and manual control processes. The ideal compliance posture is to have a closed loop process which unifies business and IT policies by mapping them to common enabling controls and operating those controls in a manner which enables quicker visibility and action to mitigate deficiencies. By building a business-centered view of IT risk, this process can translate technical issues into risks relevant to business processes. This session will showcase the ongoing efforts of VMware and Symantec to produce a compliance reference architecture that enables customers to meet intersecting regulations for the cloud. The presentation will cover the private cloud use case for PCI.