Compliance as Code
What is compliance as code?
Compliance-as-Code can be summarized as the organizational capability to automate the implementation, verification, remediation, monitoring, and status reporting of compliance. This automation comes in the form of code and is integrated into the code repositories used by developers and engineers. It becomes “just another piece of code.”
- Using code to describe, validate, (possibly) remediate, monitor, and report compliance requirements and status
- Measured against regulatory standards and internal governance
- Includes (but not limited to):
  - Security
  - Infrastructure configuration
  - Privacy
  - Policies: Government, finance, health, etc.
  - Licensing (i.e., Open Source)
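The describe, validate, remediate and report steps listed above can be shown in a few lines of Python. This is an added example, not code from the original page; the rule IDs, setting names and the sample resource are hypothetical and constructed for illustration.

```python
import copy
import json

# Describe: requirements as data. Rule ids and setting names are hypothetical,
# not taken from any real standard.
RULES = [
    {"id": "SEC-01", "area": "Security", "key": "encryption_at_rest", "required": True, "auto_fix": True},
    {"id": "SEC-02", "area": "Security", "key": "public_access", "required": False, "auto_fix": True},
    {"id": "PRV-01", "area": "Privacy", "key": "pii_fields_masked", "required": True, "auto_fix": False},
    {"id": "LIC-01", "area": "Licensing", "key": "license", "required": "Apache-2.0", "auto_fix": False},
]

def validate(resource):
    """Check one resource against every rule; a missing setting counts as a failure."""
    findings = []
    for rule in RULES:
        actual = resource.get(rule["key"])
        findings.append({
            "rule": rule["id"], "area": rule["area"], "key": rule["key"],
            "expected": rule["required"], "actual": actual,
            "compliant": actual == rule["required"], "auto_fix": rule["auto_fix"],
        })
    return findings

def remediate(resource, findings):
    """Return a copy in which auto-fixable failures are set to the required value."""
    fixed = copy.deepcopy(resource)
    for f in findings:
        if not f["compliant"] and f["auto_fix"]:
            fixed[f["key"]] = f["expected"]
    return fixed

def report(name, findings):
    """Summarise status in a form a CI job or dashboard could consume."""
    failed = [f["rule"] for f in findings if not f["compliant"]]
    return {"resource": name, "checked": len(findings), "failed": failed,
            "status": "PASS" if not failed else "FAIL"}

# Constructed sample resource definition, as it might sit in a repository.
SAMPLE = {"encryption_at_rest": False, "public_access": True,
          "pii_fields_masked": False, "license": "Apache-2.0"}

if __name__ == "__main__":
    before = validate(SAMPLE)
    after = validate(remediate(SAMPLE, before))
    print(json.dumps([report("bucket-a", before), report("bucket-a", after)], indent=2))
```

Rules marked `auto_fix: False` stay in the failed list after remediation, so the report still surfaces findings that need a human decision.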
Why use compliance as code?
Just as with any other "*-as-Code" (*aC) practice, the precision and repeatability of code execution eliminate human error.