From 1a23ae9cd755b212a7fceb0525f6ad80b02f03b6 Mon Sep 17 00:00:00 2001
From: Deepti Navale <dnavale@redhat.com>
Date: Thu, 13 Aug 2015 13:16:46 +1000
Subject: [PATCH] Moved the legal requirements into a common section in Arch
 guide.

Change-Id: Iccca40c56673b61bb5626d032a085b8a5318784e
Implements: blueprint arch-guide
---
 doc/arch-design/bk-openstack-arch-design.xml  |  1 +
 .../ch_legal-security-requirements.xml        | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 doc/arch-design/ch_legal-security-requirements.xml

diff --git a/doc/arch-design/bk-openstack-arch-design.xml b/doc/arch-design/bk-openstack-arch-design.xml
index 4db7a6cd3a..4892d07e4b 100644
--- a/doc/arch-design/bk-openstack-arch-design.xml
+++ b/doc/arch-design/bk-openstack-arch-design.xml
@@ -73,6 +73,7 @@
          these types of statements. -->
     <xi:include href="../common/ch_preface.xml"/>
     <xi:include href="ch_introduction.xml"/>
+    <xi:include href="ch_legal-security-requirements.xml"/>
     <xi:include href="ch_generalpurpose.xml"/>
     <xi:include href="ch_compute_focus.xml"/>
     <xi:include href="ch_storage_focus.xml"/>
diff --git a/doc/arch-design/ch_legal-security-requirements.xml b/doc/arch-design/ch_legal-security-requirements.xml
new file mode 100644
index 0000000000..f5a7136fe4
--- /dev/null
+++ b/doc/arch-design/ch_legal-security-requirements.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         version="5.0"
+         xml:id="security-legal-requirements">
+  <?dbhtml stop-chunking?>
+  <title>Security and legal requirements</title>
+  <para>This chapter discusses the legal and security requirements you
+    need to consider for the different OpenStack scenarios.</para>
+  <section xml:id="legal-requirements">
+    <title>Legal requirements</title>
+    <para>Many jurisdictions have legislative and regulatory
+    requirements governing the storage and management of data in
+    cloud environments. Common areas of regulation include:</para>
+    <itemizedlist>
+      <listitem>
+        <para>Data retention policies ensuring storage of
+        persistent data and records management to meet data
+        archival requirements.</para>
+      </listitem>
+      <listitem>
+        <para>Data ownership policies governing the possession and
+        responsibility for data.</para>
+      </listitem>
+      <listitem>
+        <para>Data sovereignty policies governing the storage of
+        data in foreign countries or otherwise separate
+        jurisdictions.</para>
+      </listitem>
+      <listitem>
+        <para>Data compliance policies governing certain types of
+        information needing to reside in certain locations due to
+        regulatory issues - and more importantly, cannot reside in
+        other locations for the same reason.</para>
+      </listitem>
+    </itemizedlist>
+    <para>Examples of such legal frameworks include the <link
+      xlink:href="http://ec.europa.eu/justice/data-protection/">data
+      protection framework</link> of the European Union and the
+    requirements of the <link
+      xlink:href="http://www.finra.org/Industry/Regulation/FINRARules/">
+      Financial Industry Regulatory Authority</link> in the United
+    States. Consult a local regulatory body for more information.
+    </para>
+  </section>
+</chapter>
+