Aimed at project leads and architects scoping a new system. The choices in this series shape everything downstream — what data you collect, where it lives, who can reach it, and what your default posture is when an auditor or a data subject asks. Read this before the host-hardening and app-deployment tracks; the implementation guides assume these decisions have already been made.