Slide 18
Slide 18 text
LEARNING
70
“You know what we did today? We applied the same concepts of
infrastructure as code to our governance. I’m going to go out on a limb with
this one. Omar, what you showed with REGO, you showed policy as code. Our
policies can be source controlled, just like our software and some of our
infrastructure.”
“Policy as code? Does this mean that Audit and Risk need to hire developers
and learn to write code? Your demo seemed great, but if we have to write
code, I’m not sure this will work.”
“Um, I guess we didn’t think about that.”
“No, I don’t think so, Andrea. This is where we can collaborate. Based on how
things are being built, someone will need to understand how to write the
policies into the REGO, but it doesn’t have to be Risk. we can have a policy
team. Andrea, or Barry, when we need to implement a control with this
approach, an engineer can be there to help.”
TURBO EUREKA