G.U.A.R.D. Project Overview

Generalized Universal Automated Regulatory Deployment

Welcome to the central command for the G.U.A.R.D. research initiative. This project is a 10-week graduation assignment focused on bridging the gap between healthcare regulations and software architecture through Compliance-as-Code (CaC).

🎯 The Mission

As healthcare platforms like the Excellent Care Clinics (ECC) HMS scale internationally, they face a critical challenge: Compliance Drift. Traditional manual audits are too slow for modern development, leading to potential privacy violations. G.U.A.R.D. aims to "Shift-Left" this process by programmatically enforcing regulatory requirements, such as NEN 7510 and ISO 27001, directly within the CI/CD pipeline.

graph LR
    A[Legal Intent] -->|Formalize| B("G.U.A.R.D. IR")
    B --> C{Compliance Compiler}
    C -->|Auto-Enforce| D[Technical Guardrails]
    D -->|Verify| E[Secure Deployment]

🏗️ Core Components

  • Intermediate Representation (IR): A stack-agnostic, machine-readable "Source of Truth" that captures the technical essence of healthcare laws.
  • Compliance Compiler: A specialized translator that maps abstract legal intent from the IR to environment-specific security gates (e.g., OPA/Rego, SQL constraints).
  • Automated Guardrail Pipeline: A "Hard Gate" integrated into the GitLab CI lifecycle to block non-compliant code before it ever reaches production.
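The flow from IR rule to compiled guardrail to hard gate can be sketched as follows. This is an added example, not code from the G.U.A.R.D. project: the rule schema, rule ids, table and column names are hypothetical, and the IR is held as Python dicts rather than the project's own format.

```python
import re

# Constructed sample rules standing in for the IR (hypothetical schema and ids).
IR = [
    {"id": "EX-ENC-01", "intent": "data at rest is encrypted",
     "target": "config", "resource": "storage", "key": "encrypted", "equals": True},
    {"id": "EX-AUD-01", "intent": "every record change names an actor",
     "target": "sql", "table": "patient_record", "column": "modified_by"},
]

def ident(name):
    """Allow only plain SQL identifiers so an IR value cannot inject SQL."""
    if not re.fullmatch(r"[a-z_][a-z0-9_]*", name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return f'"{name}"'

def compile_rule(rule):
    """Translate one IR rule into an environment-specific guardrail."""
    if rule["target"] == "sql":
        # PostgreSQL constraint, enforced by the database itself.
        return ("sql", f"ALTER TABLE {ident(rule['table'])} "
                       f"ALTER COLUMN {ident(rule['column'])} SET NOT NULL;")
    if rule["target"] == "config":
        def check(manifest):
            # A missing resource or key fails closed.
            actual = manifest.get(rule["resource"], {}).get(rule["key"])
            return actual == rule["equals"]
        return ("check", check)
    raise ValueError(f"unsupported target in {rule['id']}")

def run_gate(ir, manifest):
    """Return (exit_code, violations, migrations) for a CI job."""
    violations, migrations = [], []
    for rule in ir:
        kind, artifact = compile_rule(rule)
        if kind == "sql":
            migrations.append(artifact)
        elif not artifact(manifest):
            violations.append(f"{rule['id']}: {rule['intent']}")
    return (1 if violations else 0), violations, migrations

if __name__ == "__main__":
    # Constructed deployment manifest: storage encryption was left off.
    code, violations, migrations = run_gate(IR, {"storage": {"encrypted": False}})
    for v in violations:
        print("BLOCKED", v)
    print("\n".join(migrations))
    raise SystemExit(code)  # non-zero exit fails the pipeline job
```

A non-zero exit code is what turns the check into a hard gate: the CI job fails and the change does not proceed.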

👥 Stakeholders

  • Excellent Care Clinics (ECC): Primary stakeholder and healthcare provider.
  • DSTRCT Group: Specialized software development partner maintaining the HMS and medication application.
  • Guidance: Miriam de Ruyter (ECC General Manager), Paul Helder (DSTRCT), and senior technical leadership.

📊 Current Project Status

We are currently in Phase 1: Requirement Formalization.

| Phase | Focus | Status |
|---|---|---|
| 1. Formalization | Investigation of NEN 7510/ISO 27001 Mapping | In Progress |
| 2. IR Design | Developing the YAML Meta-Model | Upcoming |
| 3. Compiler | Logic Engine and Translation Logic | Upcoming |
| 4. Integration | CI/CD Pipeline & Shift-Left Implementation | Upcoming |
| 5. Evaluation | Chaos Compliance Testing & Synthesis | Upcoming |

🛠️ The Tech Stack

To ensure a rigorous and reproducible research environment, the project utilizes:

  • Development: Dev Containers for environment isolation.
  • Code: Private GitLab repository with automated CI/CD.
  • Documentation: Zensical (Static Site) hosted via Cloudflare Zero Trust for secure stakeholder access.
  • Testbed: Next.js, PostgreSQL, and AWS.