POLICY-AS-CODE ARCHITECTURAL GOVERNANCE FOR CONTINUOUS COMPLIANCE IN PUBLIC-SECTOR HYBRID CLOUD MODERNIZATION
DOI:
https://doi.org/10.46121/pspc.54.1.3Keywords:
Policy-As-Code, Architectural Governance, Hybrid Cloud, Continuous Compliance, Public Sector, Devsecops, Regulatory Compliance.Abstract
Public-sector modernization programs increasingly adopt hybrid cloud architectures where cloud-native services coexist with mission-critical legacy systems under strict regulatory, security, and privacy controls. Traditional architectural governance relies on manual compliance reviews, static documentation, and periodic audits, resulting in slow modernization cycles, inconsistent enforcement, and limited audit traceability. This paper proposes a policy-as-code architectural governance framework that expresses regulatory, security, privacy, and operational requirements as machine-verifiable architectural fitness functions integrated into continuous integration and deployment pipelines. The framework enables continuous compliance verification, automated generation of audit evidence, and traceable management of policy exceptions across hybrid and legacy environments. A prototype implementation is realized within a government case-management modernization platform, demonstrating significant reductions in governance review time, improved consistency of compliance enforcement, and enhanced audit readiness. The proposed approach establishes a practical and scalable model for continuous architectural governance in regulated public-sector cloud transformations.
