A quick visual explanation of Compliance as Code


In the opening, we said that Compliance as Code gives us the structures to read, interpret, and output compliance requirements in human-readable and machine-readable formats simultaneously. But what does that really mean for us as end-users, integrators, and developers? Let’s go through a simple “explanation as visualization.” Below is a diagram of a Role Description that anyone’s organization might have. It’s shown visually here as an HTML file.

HTML Role Description page

Notice the URL for this document: https://grcschema.org:3005/api/Role/629/render. The last word, render, is the one to pay attention to. This document was created – on the fly – using an API call. What’s embedded in this document is what is important.

By merely taking off the render portion of the API call (https://grcschema.org:3005/api/Role/629/), the page now displays as native JSON-LD. With the flip of a switch, the human-readable document is stripped away to reveal the machine-readable document that created it.

JSON-LD API output of a Role Description

And that machine-readable document can be traced back to the JSON-LD schema that defines it, shown below (courtesy of grcschema.org), which can be found at https://grcschema.org/Role.
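As an added illustration (not code from the original post, and not grcschema.org's implementation), the following Python models the two modes of the Role API call described above: the bare JSON-LD response and the rendered HTML that carries the same JSON-LD inside it. It then does the reverse trip a consumer would do, stripping the human-readable layer off and checking that the recovered document claims the schema it expects before trusting it. The Role fields beyond @context, @type and @id are constructed for the example, not taken from the real schema.

```python
import json
from html import escape
from html.parser import HTMLParser

# Constructed sample; fields beyond @context/@type/@id are illustrative, not the real grcschema.org Role schema.
ROLE_JSONLD = {
    "@context": "https://grcschema.org/",
    "@type": "Role",
    "@id": "https://grcschema.org:3005/api/Role/629/",
    "name": "Compliance Analyst",
}

def api_response(role, render=False):
    """Model of the two API modes: bare JSON-LD, or HTML carrying the same JSON-LD."""
    if not render:
        return json.dumps(role, indent=2)
    embedded = json.dumps(role).replace("</", "<\\/")  # a "</" in the data must not end the script element
    return (f"<!doctype html><html><head><title>{escape(role['name'])}</title>"
            f'<script type="application/ld+json">{embedded}</script></head>'
            f"<body><h1>{escape(role['name'])}</h1></body></html>")

class _LdCollector(HTMLParser):
    """Collects the text of every <script type="application/ld+json"> element."""
    def __init__(self):
        super().__init__()
        self.blocks, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("type") == "application/ld+json":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append("".join(self._buf))
            self._buf = None

def to_jsonld(response, context="https://grcschema.org/", rtype="Role"):
    """Recover the JSON-LD from either API mode and check it claims the expected schema."""
    if response.lstrip().startswith("<"):
        parser = _LdCollector()
        parser.feed(response)
        if len(parser.blocks) != 1:
            raise ValueError(f"expected one JSON-LD block, found {len(parser.blocks)}")
        doc = json.loads(parser.blocks[0])
    else:
        doc = json.loads(response)
    if doc.get("@context") != context or doc.get("@type") != rtype:
        raise ValueError(f"document does not follow {context}{rtype}")
    return doc
```

The schema check matters because the HTML wrapper can be produced by anyone; a consumer should act only on the machine-readable record, and only after confirming which schema that record claims to follow.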

JSON-LD schema of a Role Description

A simple process lives between the output (JSON-LD embedded into HTML, OpenDoc, or PDF) and the JSON-LD schema, as shown in the diagram below.

Compliance as Code data flow

From left to right, output (JSON, HTML, OpenDoc, PDF, etc.) is generated by a requesting application. That application gets the data through a standardized API process that hits an API gateway to draw data from an API application. Of course, the API application formats the data according to the JSON schema.

Why is this important? One freeing consequence is that the Compliance as Code flow allows an application to draw API data from multiple gateways simultaneously, as shown in the following diagram.

Compliance as Code data flow in a shared environment

For instance, the Role Description document we used above draws information from all of the following API sources:

  • UCF’s Roles API for multiple parts
  • onetcenter.org for Occupational Listings
  • OpenSkillsNetwork.org for Skill listings
  • Badgr.org for Qualification Badges

In this example, Compliance as Code allows for open, shared definitions of occupations, skills, knowledge, and even shared skill badges.

Overall, Compliance as Code allows both interoperability and machine-actionable content to be created as well as consumed.