Policy as Code Engine for Preventive compliance management

  • Release version: Australia
  • Updated March 12, 2026

    Compliance managers can map the control objective with the Policy as Code Engine (PaCE). PaCE calls GRC, passing the document reference and the PaCE policy for which exceptions need to be determined. Control owners can view the PaCE logs to understand the instances of compliance or non-compliance.

    With the increasing number of regulations that organizations must comply with, and equally increasing technology risks, organizations are obligated to integrate preventive controls in their digital workflows. For example, when a new software application is developed during a DevOps process, there are several IT policies and controls that have to be implemented and validated to reduce technology risk.

    With the Policy as Code Engine, you can write your own custom code logic to validate a policy and integrate it in a deployable instance. The PaCE policy validates the code and checks it for compliance even before it is committed into a deployable instance. If there is non-compliance, the deployment is stopped. To integrate with GRC, PaCE as a policy is added to a control objective using the Compliance Data Source Registry feature.

    Preventive compliance management through integration with PaCE prevents compliance teams, operations teams, and DevOps engineers from performing non-compliant activities. At the same time, this integration helps them to raise exceptions in advance.

    Key features of this integration are:
    • Compliance is embedded in the employee workflows to improve the overall experience of the employees.
    • Customers can codify their controls and, based on the execution status, employees can be informed if their action in the workflow would result in non-compliance.
    • In case of non-compliance, employees can request an exception based on a business requirement and continue with the digital workflow.

    Key benefits through this integration are:
    • Reduced reliance on employee training: Since the controls are embedded in the workflows, the number of trainings that employees have to go through is considerably reduced.
    • Automated reviews and compliance monitoring: Automated checks ensure that controls are not violated, thereby decreasing the task of manual reviews.
    • Automated audit logs: Audit and compliance teams can access the automated audit logs, which reduce the task of manual audits and evidence collection.
    • Lower risks and reduced violations: Continuous monitoring of controls minimizes the probability of violations.
    • Visibility: Provides real-time visibility of compliance to stakeholders such as business, risk, and compliance teams.
    • Velocity: Increases the velocity of workflows, as employees can request exceptions if there is a business need without impeding the completion of the workflow.