I’m not telling you something you don’t know; compliance with industry regulations and standards is of paramount importance. From data protection laws to quality management frameworks, our organizations across every sector we’ve researched need to demonstrate our adherence to these requirements. Our organizations invest a significant amount of time, effort, and resources to ensure operations adhere to these increasingly stringent regulations. In fact, for compliance purposes, it is essential to maintain auditable diagrams in various Authority Documents:
• access path diagram,
• application topology diagram,
• data flow diagram,
• network diagram,
• procedure diagram,
• site plan diagram or floor plan diagram,
• software logic diagram,
• system topology diagram,
Over fifty other diagrams have been mapped within the Unified Compliance Framework. Compliance diagrams can be placed roughly into two camps. The first camp is those set of diagrams that should be created by the computer systems they apply to. The second camp is those set of diagrams that can be created by Generative Artificial Intelligence (GAI) applications like those from OpenAI, Amazon, etc. with ChatGPT being the most commonly heard of GAI. Both sets of diagrams either should or can begin as Diagrams as Code. Why? With the advent of PlantUML, a powerful language for diagramming in a plain text language, compliance efficiency comes into play.
How do diagrams created using text create compliance efficiency? Easy. Diagrams as code enable organizations to easily generate different types of diagrams from a single source – plain text language. Instead of an organization using LucidChart, Miro, FigJam, Visio, Gliffy, SmartDraw, Draw.io, Sketch, blah blah blah blah blah, your team can create the diagrams using text, and then let the software turn that text into art. If you natively draw a diagram using any of the software tools mentioned above, you are locked into that application. If you start with PlantUML, then any of the tools above that support PlantUML can be used to edit the diagram (and return it back as text as well). This reduces complexity. This reduces the cost of software, training, and overhead of working with multiple incompatible formats - Compliance Efficiency.
Originally, Diagrams as code was an approach to creating visual diagrams, such as network diagrams or architecture diagrams, using code rather than a graphical user interface. Diagrams as code are a paradigm shift for visual communication intended to allow developers, engineers, and other technical professionals to represent visual models using familiar code syntax. With diagrams as code, the diagram is generated from the code produced by software, rather than being created manually using a visual editor.
With the advent of GAI, diagrams can be created from simple prompts. For instance, the ChatGPT-4 prompts below…
Generate a short description of the following procedure [procedure] by the [R] where the [A] is accountable and the [C] is informed for [company name]. [procedure] = create media policy [R] = Media Relations Manager [A] = Human Resources Manager [C] = Legal Team [company name] = Unified Compliance Outline the procedure steps for the above. Generate a sequence diagram in PlantUML format for procedure the above.
… generate the following text (including a PlantUML diagram as code)…
The Media Relations Manager will create a media policy for Unified Compliance in collaboration with the Human Resources Manager who will ensure that the policy follows company standards and regulations. The Legal Team will also be informed of the creation of the pol-icy to provide legal oversight. Procedure Steps: The Media Relations Manager will research and draft the media policy. The Human Resources Manager will review the policy for compliance with company standards and regulations. The Legal Team will be informed of the policy and provide legal oversight. The policy will be revised and finalized as needed. The policy will be distributed to all relevant employees and stakeholders. Sequence Diagram: @startuml actor “Media Relations Manager” as MR participant “Human Resources Manager” as HR participant “Legal Team” as LT MR -> HR: Draft media policy HR -> HR: Review policy for compliance HR -> LT: Inform of policy creation LT -> LT: Provide legal oversight HR -> MR: Provide feedback on policy MR -> HR: Revise policy as needed MR -> HR: Finalize policy MR -> HR: Distribute policy to relevant parties @enduml
… for which the visual diagram looks like this:
One of the significant advantages of using diagrams as code for compliance is the ability to capture detailed information about the system in a concise and standardized manner. Traditional visual diagrams often lack the necessary level of detail required for compliance purposes. With diagrams as code, organizations can document their systems down to the most minor components, providing auditors and regulatory bodies with a comprehensive view of the organization's processes and data disclosures.
Moreover, diagrams as code enable organizations to easily generate different types of diagrams from a single source. With a well-defined codebase, organizations can automatically generate class diagrams, activity diagrams, entity-relationship diagrams, and other visual representations of their systems. This flexibility allows project managers and compliance teams to extract the information they need in various forms, depending on the specific compliance requirements.
The use of diagrams as code also provides a great help in maintaining consistency across different projects and teams. When compliance regulations change or new projects are initiated, organizations can quickly leverage existing code templates and frameworks to quickly generate compliant diagrams. This consistency ensures that compliance standards are upheld throughout the organization and reduces the risk of non-compliance due to human error or oversight.
Right now, nothing specific. However, the National Institute of Standards and Technology (NIST) provides guidelines for creating diagrams that meet regulatory requirements. While the guidelines do not specifically address diagrams as code, they do provide useful information on creating clear, accurate diagrams that comply with applicable standards. In addition, the International Organization for Standardization (ISO) provides standards for creating diagrams that meet regulatory requirements. ISO 5807:1985, for example, provides guidelines for creating flowcharts that comply with international standards. While this standard predates diagrams as code, the principles it outlines may still be relevant.
Several tools are available for creating diagrams as code, each with its own set of features and capabilities. Here are a few popular options:
All of these tools offer a range of features and capabilities for creating diagrams as code, and the best option will depend on your specific needs and preferences. For our purposes here, we are going to focus on PlantUML.