International Journal For Multidisciplinary Research

E-ISSN: 2582-2160     Impact Factor: 9.24

A Widely Indexed Open Access Peer Reviewed Multidisciplinary Bi-monthly Scholarly International Journal


Continuous Compliance as Code: AI-Driven Detection and Auto-Remediation of Regulatory Drift in Regulated Banking Infrastructure

Author(s): Ajay Devineni

Country: United States

Abstract: SOC 2 Type II compliance in cloud-native financial services environments is typically managed as a periodic discipline: scheduled audits, point-in-time assessments, and quarterly remediation cycles. This approach is structurally misaligned with the continuous change velocity of modern cloud infrastructure, where security group rules, IAM policies, patch baselines, and certificate configurations change on timescales of days rather than quarters. The gap between periodic compliance snapshots and continuous infrastructure reality creates compliance drift — deviation of actual infrastructure state from required compliance posture — that accumulates silently between audit cycles. Research indicates that approximately 90% of large-scale infrastructure-as-code deployments experience drift, and nearly half of these deviations remain undetected. This paper presents a continuous compliance as code framework implemented across six credit union banking applications at NCR/Candescent, integrating Wiz, Orca Security, CrowdStrike Falcon, Carbon Black, and Cloudflare with AWS-native controls and Terraform-based infrastructure as code to create a continuously monitored and automatically remediated compliance posture. The framework treats every SOC 2 control as a continuously evaluated state assertion rather than a periodic check, with automated remediation pipelines self-healing specific categories of drift without manual intervention. Outcomes include elimination of all patch compliance drift within a 24-hour detection-to-remediation window, zero certificate-related compliance findings in the most recent SOC 2 Type II audit cycle, and SOC 2 audit evidence assembly reduced from two weeks to four hours through continuous automated evidence generation.

Keywords: SOC 2 Compliance, Compliance as Code, Wiz Security, Orca Security, CrowdStrike Falcon, Carbon Black, Cloudflare, AWS WAF, Certificate Lifecycle Management, Patch Management, Infrastructure as Code, Terraform, Regulatory Drift, Financial Services Cloud.

Field: Engineering

Published In: Volume 7, Issue 2, March-April 2025

Published On: 2025-04-05

DOI: https://doi.org/10.36948/ijfmr.2025.v07i02.75738
