Compliance as Code and the no-code movement

White square with blue arrow and three lines represent uploading data.

No-code is a way of developing MVP (minimum viable product) tools that uses drag-and-drop programming and is about what not how – you tell the system what you want, and build it. It allows end-users to become quasi-developers and build functional (but limited) applications without writing a single line of code.

In the world of Compliance as Code where digital transformation and innovation play a critical role in how we comply, speed and automation, coupled with a standardized approach can mean the difference between moving forward and falling behind.

The benefits and risks of no-code development of Compliance as Code projects

The benefits are twofold: speed and the use of resources.

Ease of development translating into Speed

No-code development is done within coding frameworks and applications, such as Bubble.io (our preferred method) and its competitors. It is drag-and-drop and the programming framework handles routing, scalability, etc.

MVPs are broken down into design, flow, data handling logic, and everything else is handled through plugins that do the “heavy lifting”. Period.

On top of that, an entire marketplace exists for pre-built templates, forms, plugins, and other elements that further speed up the process.

Because of this, you don’t need a background in software development. Pick a template, make changes to the look and feel, certain aspects of content and data handling, and you have an MVP you can stand up within your organization as a “here’s how we can transform this type of compliance data into actionable results”.

The risks

Yeah, of course there are risks – mostly limiting factors.

Customization is somewhat limited

The development platforms provide you with a limited set of design, flow, data handling logic. Adapting to using no-code platforms are like getting a new pair of cowboy boots – your feet change to fit the boots, not the other way around. Instead of providing the option to customize the development system, no-code platforms require you to change your business processes to meet their capabilities.

Customization is built outside the platform

All of the “heavy lifting” of data crunching, and sometimes even data structures, is done outside of the no-code platform.

The “heavy lifting” is normally either integrated into the no-code platform through a plugin or through API calls that do the crunching for you.

So if you want something done outside of what the tool provides, you will be dealing with your core developers to get those plugins or API calls built.

Where does no-code fit in to Compliance as Code?

Below is an illustration of the Compliance as Code environment. On the left we have the output (computer readable or human readable) and on the right is the JSON schema that is the foundation for Compliance as Code.

Compliance as Code environment
Compliance as Code environment

No-code lives within the requesting application. It’s the way to build the tools to request the data from the API processes in order to display that data to computers or humans.