Policy as Code Engine for preventive compliance management
Compliance managers can map a control objective to a Policy as Code Engine (PaCE) policy. PaCE calls GRC, passing the document reference and the PaCE policy for which exceptions need to be determined. Control owners can review the PaCE logs to understand each compliance or non-compliance instance.
With the increasing number of regulations that organizations must comply with, and equally increasing technology risks, organizations are obligated to integrate preventive controls into their digital workflows. For example, when a new software application is developed in a DevOps process, several IT policies and controls have to be implemented and validated to reduce technology risk.
With the Policy as Code Engine, you can write your own custom code logic to validate a policy and integrate it into a deployable instance. A PaCE policy validates the code and checks its compliance before it is committed into a deployable instance. If there is non-compliance, the deployment is stopped. To integrate with GRC, the PaCE policy is added to a control objective using the Compliance Data Source Registry feature.
Preventive compliance management through integration with PaCE prevents the compliance team, operations team, and DevOps engineers from performing non-compliant activities. At the same time, the integration lets them raise exceptions in advance.
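The following is an added illustration of the flow described above (custom policy logic, a GRC exception lookup keyed by document reference and policy, a stop-or-deploy decision, and a log for control owners); it is not PaCE or GRC product code, and the record shapes, policy ids and the `grcExceptions` lookup are assumptions.

```javascript
// Added illustration, not PaCE or GRC product code: a minimal policy-as-code gate
// following the flow described above. Record shapes and names are assumptions.
// Constructed stand-in for the GRC exception lookup that PaCE performs: approved,
// time-limited exceptions keyed by (document reference, policy id).
const grcExceptions = [
  { documentRef: "app/payments-api", policyId: "PACE-IMG-001", expires: "2030-01-01" },
];

// Custom policy logic, one function per policy: each inspects a deployment
// manifest and returns a finding string, or null when compliant.
const policies = {
  "PACE-IMG-001": (m) =>
    /:latest$/.test(m.image) ? "image tag must be pinned, not :latest" : null,
  "PACE-RUN-002": (m) =>
    m.runAsRoot ? "container must not run as root" : null,
  "PACE-NET-003": (m) =>
    (m.ports || []).some((p) => p < 1024) ? "privileged ports are not allowed" : null,
};

function hasApprovedException(documentRef, policyId, today) {
  // ISO dates compare correctly as strings.
  return grcExceptions.some(
    (e) => e.documentRef === documentRef && e.policyId === policyId && e.expires > today
  );
}

// Evaluate all policies before commit. The deployment is stopped if any
// violation lacks an approved GRC exception; the log is what control owners review.
function evaluate(manifest, today) {
  const log = [];
  let blocked = false;
  for (const [policyId, check] of Object.entries(policies)) {
    const finding = check(manifest);
    if (finding === null) {
      log.push({ policyId, status: "compliant" });
    } else if (hasApprovedException(manifest.documentRef, policyId, today)) {
      log.push({ policyId, status: "non-compliant, exception approved", finding });
    } else {
      log.push({ policyId, status: "non-compliant", finding });
      blocked = true;
    }
  }
  return { deploy: !blocked, log };
}

// Constructed manifests: the first is covered by an exception, the second is not.
const exceptedManifest = { documentRef: "app/payments-api", image: "registry.example/payments:latest", runAsRoot: false, ports: [8443] };
const nonCompliantManifest = { documentRef: "app/reports", image: "registry.example/reports:latest", runAsRoot: true, ports: [443] };
console.log(evaluate(exceptedManifest, "2025-06-01").deploy, evaluate(nonCompliantManifest, "2025-06-01").deploy); // true false
```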
- Compliance is embedded in employee workflows, improving the overall employee experience.
- Customers can codify their controls, and based on the execution status, employees can be informed when an action in the workflow would result in non-compliance.
- In case of non-compliance, employees can request an exception based on a business requirement and continue with the digital workflow.
- Reduced reliance on employee training: Since the controls are embedded in the workflows, the number of trainings that employees have to go through is considerably reduced.
- Automated reviews and compliance monitoring: Automated checks ensure that controls are not violated, thereby reducing the need for manual reviews.
- Automated audit logs: Audit and compliance teams can access the automated audit logs, which reduce the effort of manual audits and evidence collection.
- Lower risks and reduced violations: Continuous monitoring of controls minimizes the probability of violations.
- Visibility: Provides real-time visibility of compliance to stakeholders such as business, risk, and compliance teams.
- Velocity: Increases the velocity of workflows, as employees can request exceptions if there is a business need without impeding the completion of the workflow.