I get this question at lot. What would you recommend?
My response is normally:
1. SharePoint allows you to do a lot with governance and compliance and in some cases it’s an overkill and can turn a SharePoint administrator into the Compliance Officer. Your company probably has a compliance officer so they need to be very familiar with the SharePoint capabilities and implications, so SharePoint can assist their job, rather than the admin doing their job.
2. When I’ve spoken to companies on this, I always ask “What are you currently doing with governance and compliance and set the boundaries with this before you speak to vendors” This will make the pre sales conversations direct and specific to you.
3. There’s a lot of information on the internet on this subject, so this can be a challenge in researching this subject.
A good place to start would be what are you doing with SharePoint 2003 on this subject?
Articles of interest: