
G.U.A.R.D. Project Overview

Generalized Universal Automated Regulatory Deployment

G.U.A.R.D. is a 10-week graduation research project focused on translating healthcare regulatory intent into enforceable software controls through Compliance-as-Code (CaC). The objective is to reduce the implementation gap between legal requirements and technical delivery within modern healthcare platforms.

Mission

As healthcare platforms scale internationally, they face a persistent risk of compliance drift. Periodic manual audits are often too slow to keep pace with iterative delivery and can leave critical controls unverified between releases. G.U.A.R.D. applies a shift-left strategy by formalizing regulatory requirements, such as NEN 7510 and ISO 27001, into technical guardrails that can be enforced within CI/CD workflows.

graph LR
    A[Legal Intent] -->|Formalize| B("G.U.A.R.D. IR")
    B --> C{Compliance Compiler}
    C -->|Auto-Enforce| D[Technical Guardrails]
    D -->|Verify| E[Secure Deployment]

Core Components

  • Intermediate Representation (IR): A stack-agnostic, machine-readable source of truth that captures the technical intent of healthcare regulations.
  • Compliance Compiler: A translation layer that maps IR-defined controls to environment-specific enforcement mechanisms (for example OPA/Rego policies and SQL constraints).
  • Automated Guardrail Pipeline: A hard gate in the GitLab CI lifecycle that blocks non-compliant changes before deployment.
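A minimal sketch of the IR-to-guardrail flow described above, added here as an illustration and not taken from the G.U.A.R.D. code base. The IR shape, rule names, control ids, table name and sample rows are hypothetical, and only the SQL-constraint path is covered, with in-memory SQLite standing in as the enforcement target:

```python
import sqlite3

# Constructed IR controls; ids, rule names and column names are hypothetical.
IR_CONTROLS = [
    {"id": "EXAMPLE-01", "column": "retention_days", "rule": "min", "value": 1},
    {"id": "EXAMPLE-02", "column": "access_level", "rule": "one_of",
     "value": ["clinician", "auditor"]},
]
SAMPLE_ROWS = [  # constructed change set to be gated
    {"retention_days": 365, "access_level": "clinician"},  # compliant
    {"retention_days": 0, "access_level": "clinician"},    # below minimum
    {"retention_days": 30, "access_level": "guest"},       # value not allowed
    {"retention_days": None, "access_level": "auditor"},   # missing value
]

def compile_check(control):
    """Translate one IR control into a SQL CHECK expression; unknown input fails closed."""
    col = control["column"]
    if not col.isidentifier():  # the IR feeds SQL generation, so validate names
        raise ValueError(f"unsafe column name in IR: {col!r}")
    if control["rule"] == "min":
        return f"{col} >= {int(control['value'])}"
    if control["rule"] == "one_of":
        allowed = ", ".join("'" + v.replace("'", "''") + "'" for v in control["value"])
        return f"{col} IN ({allowed})"
    raise ValueError(f"unknown rule {control['rule']!r}")

def compile_table(table, controls):
    """Emit CREATE TABLE DDL: NOT NULL columns plus one named CHECK per control."""
    # NOT NULL matters: a SQL CHECK passes when its expression evaluates to NULL.
    cols = [f"{c['column']} NOT NULL" for c in controls]
    checks = [f'CONSTRAINT "{c["id"]}" CHECK ({compile_check(c)})' for c in controls]
    return f"CREATE TABLE {table} ({', '.join(cols + checks)})"

def gate(controls, rows, table="patient_record"):
    """Return indexes of rows the compiled constraints reject; an empty list passes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(compile_table(table, controls))
    names = [c["column"] for c in controls]
    sql = f"INSERT INTO {table} ({', '.join(names)}) VALUES ({', '.join('?' * len(names))})"
    rejected = []
    for i, row in enumerate(rows):
        try:
            conn.execute(sql, [row.get(n) for n in names])
        except sqlite3.IntegrityError:
            rejected.append(i)
    return rejected

if __name__ == "__main__":
    raise SystemExit(1 if gate(IR_CONTROLS, SAMPLE_ROWS) else 0)  # non-zero blocks CI
```

The sketch assumes one control per column. The last sample row shows why the generated DDL adds NOT NULL: without it, a missing value would pass the CHECK constraint unnoticed.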

Stakeholders

Timeline and Milestone Progress

Project execution is organized into five GitLab milestones with defined date windows, activities, and workload ranges. Progress is tracked through linked GitLab work items to maintain clear traceability between research outcomes, implementation tasks, and verification evidence.

| Milestone | Focus | Date Window | Status |
|---|---|---|---|
| 1. Requirement Formalization | Legal-to-technical mapping for NEN 7510 and ISO 27001 | April 20 to May 1 | In progress |
| 2. IR Design and Schema | YAML-based source-of-truth model and validation rules | May 4 to May 15 | To Do |
| 3. Compliance Compiler | Parsing and translation logic toward enforceable controls | May 18 to June 5 | To Do |
| 4. Integration and Enforcement | CI/CD compliance gate and developer feedback flow | June 8 to June 12 | To Do |
| 5. Evaluation and Synthesis | Chaos-compliance testing, evaluation, and thesis finalization | June 15 to June 26 | To Do |

For full sub-task and workload planning, see the Project Roadmap.

Working Method

  • Roadmap management is milestone-driven in GitLab.
  • Work decomposition and delivery tracking are handled through linked GitLab work items.
  • Compliance decisions and implementation evidence are documented alongside the relevant work items to support auditability.

How to Use This Documentation

This project is structured around one parent research question and supporting sub-questions. The sub-questions are evidence-building components that together answer the parent question.

For report drafting, this structure maps directly to the Research Report Template and provides traceable reflection evidence for the Professional Skills Journal.

For author and study context, see Author.

Technology Stack

To ensure a rigorous and reproducible research environment, the project utilizes:

  • Development: Dev Containers for environment isolation.
  • Code: GitLab repository with automated CI/CD.
  • Documentation: Zensical (Static Site) hosted via Cloudflare.

Project Governance

Open Source & Compliance

G.U.A.R.D. is an open-source project released under the Apache License 2.0. This ensures that the "Security by Design" principles and the "Compliance-as-Code" logic developed here are transparent, auditable, and reusable within the healthcare software ecosystem.

Copyright 2026 Ben Vos. Developed in collaboration with DSTRCT Group and Excellent Care Clinics (ECC).

Read the Full License | View Attribution (NOTICE)