Initial information about Compliance as Code

What is Compliance as Code? As the homepage of this website states, Compliance as Code gives us the structures to read, interpret, and output compliance requirements in human and machine-readable formats simultaneously. It also allows us to standardize our responses to these requirements concurrently in human and machine-readable formats.
But what does that mean? Let’s look at the diagram below as an explanation.
*Compliance as Code flow of information*

Output

Let’s start with the output. The best way to demonstrate this output is to have you click two links. First, click THIS LINK to see what a Roles document could look like on a web page or in Word, a PDF, etc. Now, click THIS LINK to see what the same document looks like without the “render” tag at the end of the API call. It is the exact same content, a JSON-LD formatted document that can be rendered for humans to read, or not rendered for computers to read.

Requesting Applications

For this demonstration, the requesting application is your browser, but it could be any application that is JSON-LD aware. Our focus will be to build out a suite of no-code applications that are aware of JSON-LD Compliance as Code.

API Process

The API process used to create this document is a direct API call through the browser. To extend that, we will be building out a suite of API calls that leverage hundreds of Compliance as Code functions.

API Gateway

The UCF is building out the first-ever API gateway specifically designed to handle the types of Compliance as Code API calls that will be needed for our industry.

API Application

ANY API application that registers with the API gateway will be able to facilitate your API calls.

JSON Schema

And of course, all of this is built on a JSON-LD schema that can be found at GRCSchema.org.