Practice continuous compliance vocabulary: compliance-as-code, automated evidence collection, drift reports, and real-time policy adherence dashboards.
1 / 5
Your security team says 'Compliance-as-code automates evidence collection.' What does compliance-as-code mean?
Compliance-as-code treats compliance controls as code — using tools like Open Policy Agent, Chef InSpec, or AWS Config rules to automatically enforce controls and generate machine-readable evidence. This replaces manual quarterly checks with continuous automated validation.
2 / 5
A platform engineer says 'The control is tested on every deployment.' What does this mean for the audit cycle?
When compliance controls are integrated into the CI/CD pipeline, every deployment tests and documents control status. This creates a continuous stream of evidence and catches drift immediately — a major improvement over point-in-time annual audits.
3 / 5
A compliance dashboard shows 'The drift report shows 3 resources out of compliance.' What is configuration drift?
Configuration drift occurs when actual infrastructure state diverges from the declared desired state. In compliance contexts, drift means resources no longer meet policy requirements — often caused by manual changes bypassing the approved change management process.
4 / 5
Your compliance report shows '94% policy adherence.' What does this metric indicate?
Policy adherence percentage measures what fraction of compliance checks are currently passing. 94% means 6% of resources or controls have drifted from required policy — those items need investigation and remediation. Continuous compliance dashboards show this in real time.
5 / 5
A team uses 'automated evidence collection' via a compliance platform. What is the key advantage over manual evidence collection?
Manual evidence collection (screenshots, exports, spreadsheets) is labor-intensive, error-prone, and only captures a moment in time. Automated evidence collection continuously captures structured data — who approved what, when controls ran, what the state was — making audits faster and more reliable.