Last updated 2023-01-14 15:10:18

What Is Policy As Code (POC)?


Policy as code is the idea of automating the compliance of a software environment using software, rather than relying on a staff member or team.

Use Case and examples

Depending on the software system under discussion, you might need to comply with different policies. For example, some financial systems need to be PCI compliant.

These policies can also be internal ones, such as how many instances of a software system can be deployed, when deployment can be done, and what characters can be used in a security key.

In most organizations, these policies are managed by individuals or teams.

Automating these policies through code, software, and DevOps teams can greatly speed up software deployment processes as well as prevent compliance oversights.

These policy scripts can also serve as the single source of truth when it comes to compliance reviews.


Teams can implement the Policy As Code concept using scripting languages like Python or shell script.

These scripts can be run as part of an Infrastructure as Code setup.
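
A minimal sketch of such a script, added here as an example (it is not from the original article): it checks a deployment plan against the three kinds of internal policy mentioned earlier and returns a non-zero exit code so a pipeline step can fail. The limits, the plan fields `instances` and `security_key`, and the function names are assumptions made for illustration.

```python
import re
import sys
from datetime import datetime

# Hypothetical internal policy values, chosen for this example only.
POLICY = {
    "max_instances": 5,
    "deploy_days": {0, 1, 2, 3},       # Monday..Thursday
    "deploy_hours": range(9, 17),      # 09:00-16:59
    "key_pattern": re.compile(r"[A-Za-z0-9_\-]{32,}"),
}


def evaluate(plan, when, policy=POLICY):
    """Return a list of policy violations for one deployment plan."""
    violations = []

    count = plan.get("instances")
    # bool is a subclass of int in Python, so reject it explicitly.
    if not isinstance(count, int) or isinstance(count, bool) or count < 1:
        violations.append("instances: must be a positive integer")
    elif count > policy["max_instances"]:
        violations.append(
            f"instances: {count} exceeds limit {policy['max_instances']}")

    if (when.weekday() not in policy["deploy_days"]
            or when.hour not in policy["deploy_hours"]):
        violations.append(f"window: deployment not allowed at {when:%a %H:%M}")

    key = plan.get("security_key")
    # fullmatch: one disallowed character anywhere fails the check.
    # The key itself is never echoed into the finding.
    if not isinstance(key, str) or not policy["key_pattern"].fullmatch(key):
        violations.append(
            "security_key: missing, too short, or has disallowed characters")
    return violations


def main(plan, when):
    """Print findings; the return value is the pipeline exit code."""
    findings = evaluate(plan, when)
    for finding in findings:
        print("DENY", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    # Constructed sample plan; a real pipeline would load this from its IaC output.
    sample = {"instances": 8, "security_key": "short key!"}
    sys.exit(main(sample, datetime(2023, 1, 14, 15, 10)))
```
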

Another way to implement Policy As Code is to use a policy engine such as Open Policy Agent.
