Policy Design in the Age of Digital Adoption.

Policy Design in the Age of Digital Adoption.: Explore how PolicyOps can drive Policy as Code adoption in an organization's digital transformation

By Ricardo Ferreira

Product Details

Publication date : May 4, 2022
Length 332 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781801811743


Chapter 1: Introduction to Policy Design

This chapter starts the journey of understanding policies, their use, their importance, and how they are effectively used.

This chapter discusses the foundation of policy design, what constitutes a policy, how it is sketched together, and why policies are used. We will discuss design theory and how to create sound policies while demonstrating the most common instruments used to develop policies and their life cycles.

Once these elements are established, parallels from public policy to the digital organizational context later in the book will be more straightforward, as well as understanding how policies can help organizations in their digital journey by enabling faster digital adoption across the organization.

By the end of this chapter, you will understand how the field of public policy and associated tools can be transposed for digital adoption in an organization. This is typically achieved by a layer of governance that encompasses people, processes, and technology by creating coherent policies using persuasive system design (PSD), nudging, and incentives for more effective digital governance.

In summary, this chapter highlights how the field of policy design can be used to create a proactive governance model that goes way beyond enforcing and authorization, to increase digital adoption throughout an organization.

In this chapter, we are going to cover the following main topics:

  • The why, what, and how of policies
  • From design theory to policy implementation
  • Policy design – key issues, tools, designs over time, effectiveness
  • The business value of digital policies

The why, what, and how of policies

Let's look at a definition for policy. Cambridge Dictionary states the following: "A set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government, or a political party." If we summarized it in a few words, it would be a set of guidelines to gain a positive outcome.

In our world, we live and abide by policies implemented by the government, our work environment (by our corporate policy), and our daily lives, for example, by an individual policy (such as a healthcare plan).

This section will discuss why policies are essential, especially in the globalized world we live in, and what business benefits we can derive by implementing and using them.

We will discuss the elements of a policy and show how the different elements can be combined to achieve a goal. You will also realize the pervasive nature of policies: how governments use public policies, how organizations implement corporate policies, and even the use of artificial intelligence in some algorithms, such as reinforcement learning.

Why policies

Let's look at an example of a health policy enacted by the EU to reduce smoking and premature deaths.

Tobacco consumption is the single largest avoidable health risk and the most significant cause of premature death in the EU, responsible for nearly 700,000 deaths every year. Around 50% of smokers die prematurely (on average 14 years earlier).

Despite considerable progress made in recent years, the number of smokers in the EU is still high – 26% of the overall population and 29% of young Europeans aged 15-24 smoke.

The complete policy can be consulted at

The initial paragraph unpacks the why. The program's objectives are to protect its citizens from dying prematurely. The overarching goal is health.

Another example from the EU is education policies, for example, the European policy cooperation (ET 2020 framework), which is a strategic framework for cooperation in education and training (ET 2020). This and other education policies can be accessed here:

The policy goals are to develop education programs to tackle skills, aging societies, and technological developments.

These policies have laid out their goals and the elements of what will be used (for example, publicity, regulation, and tax rules).

They can ensure compliance to a certain standard or streamline processes to provide a map for accepted behaviors. They can influence the desired outcome so that a specific positive goal is achieved. In sum, policies are everywhere in our day-to-day lives as they make up the basis of our society and a mechanism to influence positive results.

What is a policy?

As we saw previously, policies are designed to help an entity (governments, organizations, or groups) create guidelines to achieve a goal.

If we follow the latest research literature on policy creation, the taxonomy is, in broad terms, divided into two main parts: the policy's goal (what we are trying to achieve) and the policy tools (how we achieve those goals), which we will go into more detail about later.

Usually, the policy aim will involve establishing the following:

  • The goal: What are the general ideas behind the policy?
  • The objectives: What is the policy going to address?
  • The setting: What are the environmental nuances where the policy is going to be applied?

Let's take the example of the tobacco health policy that we saw earlier.

The program's objectives would be to protect its citizens from the effects of tobacco and dissuade younger people from picking up the habit.

The goal would be linked to positive health and economic outcomes as well as a financial goal related to the prevention of disease, which left unchecked would lead to increased costs to national health systems.

The setting is related to how the EU operates regarding cross-border trading. The setting would consider the international cooperation and the usage of the European Anti-Fraud Office.

This example explains the components that go into the policy and their concerted usage for a specific goal.

The how of policies

As we have seen, a policy starts with an aim that needs to be well defined to create the goals, objectives, and settings. In this section, we will focus on how policies are created effectively by using instruments to achieve the strategy's goals. This helps determine the strategy of the policy as well as the elements that go into it:

  • The instrument logic specifies the preference of the instrument, that is, whether it's going to be a coercive instrument (enforcement, authorization), a suasion instrument (nudging, incentives), a statistical instrument (data presented in a digestible impactful way), or a financial instrument (bonus, subsidies).
  • The mechanics of the instruments, such as the specific type of instrument, for example, training incentives or publicity campaigns.
  • The instrument nuances specify how the instrument will be used as part of regulations, guidelines, standards, and so on.

Using the tobacco health policy as an example, the instrument logic you could use to achieve the goal could be as follows:

  • Coercion: By restricting areas where people can smoke (smoke-free environments)
  • Suasion: Using advertising on packaging and labeling with strong images (people dying in hospitals from lung cancer)

The mechanics would be the use of regulations for trade and increased tax. Since it's a regulated product, the tool nuances would use labeling mandated by the guidelines.

It would also be beneficial to be reminded that there are other instruments to achieve policy objectives, which can be seen in the following:

  • Coercive instruments: These are used to make sure the rules are abided by. We can think about laws, mandatory regulations, or standards. They exist to make sure a determined code is followed with penalties if not. For example, speeding on a motorway would be against the regulations and would have a penalty to dissuade that type of behavior.
  • Financial instruments: These are used to provide incentives for a determined behavior aligned with a policy goal. An organization might use bonuses based on targets on earnings to increase sales in a specific service or product. A particular policy of the government to improve a particular sector might give tax breaks or subsidies, for example, in green sectors nowadays.
  • Social instruments: Staff and volunteers can be used to influence outcomes. A policy to reduce wildfires might engage volunteers to run awareness-raising activities in local populations or use paid staff to clean areas with increased hazard potential.
  • Statistical instruments: One of the oldest resources to influence behaviors is statistical instruments, the art of presenting impactful data. An organization might use environmental statistical instruments to change behaviors to reduce water wastage by showing how much water can be saved. A policy to reduce mobile phone usage while driving might use statistical instruments such as billboards with crucial information highlighting fatal accident statistics.

The following table gives an overview of the policy tools associated with each type of governing resource. It highlights how the different tools can be used at each point of the policy goal:

Table 1.1 – Policy taxonomy (adapted from Howlett and Rayner)


A good policy requires a mix of elements. This is where design choices are essential. Later on, we will see that the tenets of good policy design revolve around the three Cs: coherence, consistency, and congruency. We can make this easier by following a structured approach based on existing design frameworks, which the next section will discuss.

From design theory to policy implementation

As we have seen, policies can become very complex, as they usually require a mix of goals and instruments, making them prone to becoming inconsistent or lacking coherence by mixing too many diverging instruments.

This section will highlight how several frameworks from design thinking and PSD can create policies that consider different groups' viewpoints to make them robust and sound.

Design thinking theory

Design thinking started when creativity and empathy were required in the problem-solving aspect. The field matured once Herbert A. Simon created an iterative process that considered the experiences of different stakeholders. The same technique is required in policy creation as policy-makers need to have a broad range of perspectives to create effective policies.

Design thinking also makes sure that silos, hierarchies, and bureaucracies are torn down. Those of you with a more technical background might be able to see hints of the DevOps philosophy; this is not accidental. In design thinking, cross-collaboration is crucial as one of its aspects relies on empathically understanding different groups.

Let's say an organization wants to improve its cloud support and services to the business units. Usually, a project intended to start such an effort would begin by seeking out where in the organization teams, business units, and individuals have these capabilities more embedded than others and start asking questions such as the following:

  • Where are the highest areas of cloud detraction at the moment?
  • What factors seem to foster digital resistance?
  • How is this digital illiteracy going to cause problems a few years from now?
  • What types of problems would the lack of cloud adoption lead to?
  • What are some success stories within the organization concerning cloud adoption?

This set of questions specific to cloud adoption can be adapted to start the design thinking process across different areas to improve digital adoption (goal) across business units that don't have the necessary level of maturity. If we unpack the questions into pillars, it would be summarized as considering the environmental factors, stakeholder involvement, mapping, and assessment. These pillars can be combined to understand better the targets, development, and use of digital policies.

Design thinking process

Design thinking is a conceptual framework that can be visually represented as follows:

Figure 1.1 – Design thinking phases


The following are summarized descriptions of each of the phases.

Environmental factors

This strategy explores an individual's and group's behaviors in different contexts; it tries to identify trends that might influence future outcomes by understanding various factors, such as inputs, technologies, or multiple fields.

This strategy can be used to create a data-driven approach to highlight potential opportunities, weaknesses, or methods that augment our current understanding.

A good analogy for this strategy is a fisherman's net, where the range is broad enough to catch different and unrelated viewpoints.

Stakeholder involvement

In design thinking, the stakeholder phase relies on people and their behaviors to understand the issue at hand. While the previous strategy was more concerned with a broad range, we funnel it further to engage with the different individuals at this stage.

Stakeholder involvement is about identifying and understanding the user's needs to create more efficiency, which can be achieved by observing the user interacting with a service. In this strategy phase, it's also imperative to ask open-ended questions of a diverse group of people, leading to deeper involvement and a broader understanding of the process.

This strategy is one of the most time consuming as it requires many interviews and questions between several stakeholders and target groups.


Mapping

This strategy is one of the most important as it is where we start to derive insights. In the previous strategy phase, we were concerned with getting data from the most varied sources. In contrast, here we begin to correlate that data and build insights.

Mind maps and similar concepts can be used to link different ideas. This is extremely useful in policy because it allows mapping to be used by various stakeholders to understand how they relate to each other.

For example, if an organization wanted to improve customer satisfaction, it would be helpful to know what steps are involved when a customer interacts with a service, the clicks they make to understand the portal, and, in the case of e-commerce, how they navigate the application or website until they commit to a purchase. As Steve Jobs used to say, understand the customers and work backward. Visually mapping these experiences helps identify areas, services, and processes that can be streamlined, resulting in a more efficient experience for the customer.

There's also Wardley mapping, a framework to enable strategic thinking that can fit in this strategy. More information can be found at


Assessment

In this strategy phase, the connection between the issues has been established. The insights gave rise to valuable information, which can be categorized, labeled, and understood. This information can inform the environmental factors and create a feedback loop, as seen in Figure 1.1.

Persuasive system design

PSD is a framework based on information systems designed to influence and shape attitudes, beliefs, intentions, or behavior without coercion or deception. This is different from the instruments that we talked about earlier, especially the coercive instruments. In PSD, it's about voluntary reinforcement, shaping attitudes and behaviors.

Persuasive systems might use either computer-human persuasion or any other mediated persuasion technique. Computers do not have intentions of their own, so generally, people create algorithms that contain the developers' and data bias (

The creation of PSD follows a very structured approach, as seen in the following diagram:

Figure 1.2 – PSD phases


Using the diagram as an anchor, we can see the initial phase is analysis of objectives. Here, we establish goals and choose the design. We also establish the types of persuasion, such as direct or indirect. Remember that this is an incremental process: it will be tailored to the user, and questions can be used to calibrate during this initial phase.

These types of designs can be found at

Next, we need to understand the persuasion context, the wanted outcome, the user context, and the user's environment.

This will allow us to tailor the system. For example, doing a PSD for mobile or desktop environments is very different, so the environment where the user will interact needs to be assessed. The persuasion context phase will also shape the message and how it will be delivered.

The system components phase is where the individual components will be assembled to support the previous methods, for example, using suggestions, rewards, and visual attractiveness. This can also be defined as persuasive appeal or persuasive inquiry.

Finally, these phases contribute to the goal, which is the behavior change that the system was designed around.

Let's look for real-world examples of PSD, such as gamification, including Waze for driving, Robinhood for trading, and Facebook for social media. Gamification has considerable success in shaping user behavior, which in the case of policies can be used as a suasion instrument to shape users' behaviors.

An overlay framework for designing policies

If we look around the technology world, policy development has typically been done by bureaucrats or lawyers, which, aside from rare exceptions, has rarely brought design thinking into policy creation. The reverse is also true. Go through any significant cloud provider governance paper and you will see that most of it has been created by technical folks without the lenses from other groups.

The purpose is to develop a framework that abstracts the pieces discussed earlier, design thinking and PSD, and lays the foundation to start thinking about policies and instruments in a structured approach to design effective policies.

Figure 1.3 – OODA loop for policy design


Inspired by the Observe, Orient, Decide, Act (OODA) loop, the preceding diagram is a high-level framework that can be applied to digital policy design, which will be expanded on and used as the basis for Chapter 4, Framework for Digital Policies, where we will use this framework to abstract the frameworks discussed in this chapter.

Policy design – key issues, tools, designs over time, and effectiveness

As seen in the previous section, applying creative techniques and persuasive designs to get diverse viewpoints and influence is essential to formulate policies beyond authority.

This section will discuss what tools are available to achieve these goals; we will talk about conflicts and how to manage them, the fundamentals of measuring the effectiveness of policies, and the building blocks to develop robust policies.

This section will give tools that, coupled with the previous processes, allow you to start thinking about the challenges a policy can tackle using a systematic approach.

Suasion tools

Digital psychology has advanced in recent years, especially in social media and behavioral insights (Cambridge Analytica), with a lot of controversy surrounding some elections and how data from users was leveraged to influence the vote. As a result, nudging is becoming a valuable tool in policies. This new method, combined with the old marketing premises, makes for effective suasion tools that can be used to steer individuals toward a choice.


Standing on the shoulders of Tversky and Kahneman's work on irrationality, Richard Thaler began to look into this in more detail. He created what we know as nudge theory; we can define it as a way to influence choice without limiting choice or making alternatives more costly in terms of social sanctions. They are called nudges because there are flaws in how individuals process decision-making, and nudges can use those flaws.

Ana Caraban et al.'s Technology-Mediated Nudging in Human-Computer Interaction is an important research paper that focuses on using nudges via technology.

Some real-world examples might be as follows:

  • Positioning: In supermarkets, premium products are placed at eye level, while kids' products, such as cereals with cute characters, are placed a bit lower down so that kids see the product and ask their parents for it.
  • Opt-out policies: Implicit deny in authorization systems is the default to increase security. In mobile games and applications, a usual pattern is to ask for a subscription to increase revenue, with the process of canceling a subscription being more complex than signing up.
  • Suggesting alternatives: Commonly used in car rental upselling, as the suggestion can be an improved model for a minimal price. The same can be used in policies for cost savings, suggesting smaller virtual machines when working on development environments to reduce costs.

Nudging tries to influence a person's behavior with subtle changes to guide users toward a choice or behavior. Nudging can be a potent suasion tool, especially for adopting new digital technologies.


Another tool that can be used for suasion is social marketing. We can use marketing concepts to influence behaviors that will benefit the organization, individuals, or business units in this approach.

You might think that traditional marketing is geared toward promotions, price, and placement. Still, more recently, it has been used in social media, which is becoming more recognized for its suasion aspects. Let's look at the center of excellence for social marketing. The National Social Marketing Centre (NSMC) has established benchmark criteria, a set of elements included in successful marketing campaigns.

I have adapted them for you to use as a reference; do not think about them as a checklist but as intertwined concepts.

Refer to

The following table, adapted from the NSMC, shows the key elements that are used in the most successful social marketing efforts, which can be used when developing suasion tools:

Table 1.2 – Marketing key elements (adapted from NSMC)


If we put these elements in a more visual form, as shown in Figure 1.4, feedback loops are present throughout the pieces. All of them feed into the delivery mix, which we can say is the output of the different layers:

Figure 1.4 – Marketing key elements visual feedback loop


The use of behavioral insights and behavioral analytics in policy is increasing. Nudging, in particular, has been receiving tremendous attention as it allows you to improve the existing instruments and understand suitable targets and methods to send the message. For the long term, the marketing benchmark described is also an excellent place to start. It enables policies to be grounded in mechanisms that have worked to the marketing advantage and complement the other tools in this chapter.

Authority tools

In this section, we will be talking about authority tools that are part of coercive instruments. These tools are usually conveyed in the form of mandatory requirements, regulations, certifications, or laws.

This is not an exhaustive list but an introduction to some concepts around authority tools that will be necessary during the policy design phase.


Authorization refers to the process of giving an entity, be it a person, group, or supergroup, the ability to do an action. We will focus on authorization models more deeply in the following chapters. Still, it is essential to understand how we can leverage authorization as an instrument to design policies.

If we think about it, authorization is probably the most ancient and most powerful tool in use, from regulations, licenses, and permits to certificates, accreditation, and more. It is used because it can serve several purposes:

  • Recognizes sources of power
  • Legitimates sources of power
  • Mitigates information asymmetries

Authorization mechanisms are still the most effective way to create an environment of trust, especially in the digital realm. Finally, authorization is essential in risk management; any preventative framework seeks to minimize risk and ensures that those who engage in risky activities are trained, skilled, and authorized.


As per the Organization for Economic Co-operation and Development (OECD), the definition of regulation, as seen at, is as follows:

Regulatory policy is about achieving government's objectives through the use of regulations, laws, and other instruments to deliver better economic and social outcomes and thus enhance the life of citizens and business.

Regulations are usually made through an independent body for a specific sector. For example, in the case of banking in the UK, it is the Financial Conduct Authority (FCA) that creates regulations on how UK financial services should conduct themselves and what guidelines to adopt; it can also investigate, ban, and freeze the assets of organizations and individuals. There is also the European Banking Authority (EBA), which is the European counterpart.

A regulation that is quite famous nowadays is the General Data Protection Regulation (GDPR), which requires an organization that processes EU citizen data to process and maintain that data in a specific way, with fines and penalties for organizations that don't respect it.

In Chapter 2, Operationalizing Policy for Highly Regulated Industries, we will be covering regulations in more depth for the different sectors.


Licensing is one of the many tools that governments and organizations use as a form of authority to provide access in specified terms and conditions. In the open source world, there are more than 100 licenses (; all these types of licenses can be used as a form of authority to provide the following:

  • Customer protection
  • Information asymmetries
  • Recovering costs
  • Integrity

For example, the license for an encryption algorithm, OCB, restricts its use for military applications:

2.2 Restrictions

2.2.1 The preceding license does not apply to and no license is granted for any Military Use of the Licensed Patents.


Certification is a system of formal recognition that an event has happened; for example, birth, death, education, or professional achievements are examples of authoritative declarations. These can be used to convey authority and expertise.

For example, a certification from Google, Cloud Digital Leader, can be used as proof that the person passed an exam that allows them to articulate Google Cloud products' capabilities and how they can benefit an organization.

A more mundane example is using a certified electrician to check your house's electrical wiring. The certification proves that the electrician underwent a course and has met the requirements to pass the exam and become certified.

Financial tools

Governments often use financial tools in traditional policy design, such as subsidies, grants, tax concessions, or a mix, as we have seen previously. Financial tools can be a powerful incentive, primarily in organizations creating policies around digital adoption.

It's essential to understand where the different groups are in their journey and to use financial tools equitably to produce positive outcomes for all groups.

The following figure shows the difference between equity and equality:

Figure 1.5 – Equality versus equity


For financial tools to be effective, it is essential to understand that different teams and business units will require different levels of support. As shown in the preceding figure, it is essential to be aware of those nuances and create policies that equitably use financial instruments.

Conflict management

Policy design is a process that, due to its nature, encourages or penalizes groups in a system, effectively exposing, strengthening, or destabilizing existing relationships. Be mindful when designing policies, as in any good process design, of the need to collect feedback and incorporate it when necessary. Clarifying interest, generating good alternatives, and clear communication should be used to address conflicts.

Understanding the three Cs for effective policy design

As we have seen in the earlier sections, a policy comprises several instruments with multiple analysis levels in between. As such, assessing the effectiveness of a policy requires a layered approach. First, we need to understand the interactions between the tools and how policies can be mixed.

Asking questions from within the organization would allow a policy designer to construct policy mixes that are effective, taking into consideration Table 1.1.

Those questions could be as follows:

  • What tools does an organization have?
  • How can these be classified?
  • Have they been applied in the past?
  • Has there been a usage pattern?
  • How can we improve on past patterns?

These questions allow someone to break down the elements and understand previous and future potential interactions.

We can decompose the various components, goals, instruments, and calibrations/settings. These are the elements that will make up the policy.

If we refer back to Table 1.1, we can see the overall interaction and the components and position of the policies.

We should notice that typically, there are two types of designs:

  • Theory-inspired: Generally used in areas that haven't had past policies, for example, nanotechnology or the cloud, which require a built-from-the-ground approach. It requires policy actors to be highly technical in the field to minimize the risk of poor design emerging.
  • Real-world-inspired: Built on top of established policies, these are more common than theory-inspired policies.

During their life cycle, both types of policy can undergo changes characterized by the following:

  • Layering: New elements are added to the policy without removing the previous ones, usually leading to incoherence between the goals or inconsistency between the instruments.
  • Conversion: This happens when most of the elements are kept to serve another goal; while consistency can be achieved by not changing the instruments, incongruency is introduced as old instruments mix with new goals.
  • Drift: This happens when the policy elements are still maintained even though the policy's environment has changed.

Usually, a combination of several policies might be in place. As such, it is essential to understand whether one will replace an existing policy or create another layer in the policy.

Good policy design will involve a mix of instruments to address the required governance context and policy matching within an environment. In other cases, it will require the reshaping of an existing policy.

The basic principle of a sound policy design, regardless of the context, is to ensure that consistency, congruency, and coherency are achieved.

The following figure represents the three Cs and how each C ties to the goals or instruments:

Figure 1.6 – The three Cs of policy


This section highlighted how you could use the instruments presented within this chapter to achieve a policy goal. It discussed the types of policies that you might encounter and how to design for new or already established policies considering the effective combination of goals, instruments, settings, and calibrations coherently, consistently, and congruently.

The business value of digital policies

As we have seen throughout this chapter, instruments, tools, and processes typically used in public policy design can be adapted for digital policies. Organizations in their digital journey need to embrace the cloud, analytics, or artificial intelligence. Having a robust governance model is key, as traditionally, there has been a lack of effective governance for this new digital world, resulting in almost one-third of companies failing in their digital transformation efforts.

This part will briefly cover a high-level overview of the most significant enablers of using policies and their instruments in an organization to advance the state of digitization.

Effective digital programs

According to the existing literature, one of the most common causes of failure in digital transformation is misalignment with the business. In the policy design world, this would be attributable to an incongruent policy, where the instruments were not aligned with the goals.

This chapter highlights that cross-collaboration is key to building effective policies, especially in new technological fields. It requires in-depth technical know-how coupled with broader stakeholder buy-in to design effective policies.

Some of the aspects of successful digital transformations are as follows:

  • Adaptive governance: Most of the programs in digital transformations use and focus on old methods; there is no effort spent on creating policies that use and leverage novel methods such as PSD and design thinking in the governance structure to bring everyone from the CxO to the individual contributor together.
  • Orthogonal feedback loops: Key Performance Indicators (KPIs) and metrics with the necessary data availability and quality are closely monitored and fed across all areas of the business undergoing transformation.
  • Technologist-driven but business-integrated: As we have seen in this chapter, areas where new policies are going to be established, that is, theory-inspired policies, require actors to be highly technical in the field to minimize the risk of poor design emerging.

The frameworks, instruments, and methods discussed here with a public policy lens can be transposed to create effective digital policy programs. As you will see in the later chapters, most of the existing policies nowadays in the digital realm use coercive instruments, such as authorization.

We are starting to see some regulations, guidelines, and standards come up, such as the ENISA Cloud Certification scheme, and ISO is creating standards on artificial intelligence. These regulations are still in the early days but will be the basis of the regulations for EU innovative tech in the coming years.

Governance agility

Governance traditionally has not been linked to how it can help the organization adapt to its environment and surrounding factors. An excellent example is the pandemic of 2020, which disrupted the governance structure regarding ways of working. Layering was introduced to safeguard existing governance processes, but it led to inconsistency.

Digital exhaustion caused by video calls is now being discussed by the governments of several countries as they consider regulating working laws. Organizations are trying to create hybrid working environments as more than 40 percent of employees want to leave for a more flexible workplace.

These external factors pushed many organizations to adapt quickly, and we will see the results of using instruments misaligned with goals resulting in incongruent policies. Although these external factors have brought challenges, they can be an opportunity for organizations to take a step back and reshape their policies.

Adaptive governance enables resilience and takes the organization a step ahead by increasing agility and creating solid feedback loops to adapt to unforeseen external factors.


This chapter explained the purpose of policies, their elements, and how to design them. We introduced some of the best frameworks in the field to create policies that take a holistic approach to the organization.

The field of policy design is complex, but we gave a high-level view of the basic concepts and processes that can be used, such as design theory, policy effectiveness, and the link to the digital transformation effort. These concepts and elements are fundamental; as we have seen, a policy will usually need to mix elements to achieve a specific goal.

We covered several types of instruments (suasion, coercive, and financial), and I hope that it is clear that for effective policies, we should try to use several instruments, each applied where it makes the most sense. As you will see, most policies use coercive instruments, such as authorization, but it is essential to understand that other instruments can and should be used.

This chapter also highlighted that to build digital policies, we should use effective frameworks that focus on design thinking theory or marketing best practices as it is essential to get diverse viewpoints from actors and target users by using empathy and creativity to design effective policies.

We also highlighted the need to design from scratch or reuse policies considering the three Cs for consistent, congruent, and coherent policies. Finally, we expanded on the role that policies have in the digital governance structure. Organizations will benefit from having adaptive governance that will help them respond to external factors and give them an edge with digital transformations.

We hope this chapter has given you the foundational know-how to understand the policies on which we will expand in subsequent chapters. In the next chapter, we will be looking more in depth at coercive instruments, regulations, and standards. For example, we will look at GDPR, how different sectors use regulations, and how policies can integrate with those requirements.

We will also expand on access controls, their types, and their integration with cloud vendors, and finally, we will discuss control catalogs to achieve policy needs.


Key benefits

  • Understand and define policies that can be consumed across the business
  • Leverage a framework to embed Policy as Code into the organization
  • Learn how to use Open Policy Agent and its powerful policy language, Rego


Policy as Code (PaC) is a powerful paradigm that enables organizations to implement, validate, and measure policies at scale. Policy Design in the Age of Digital Adoption is a comprehensive guide to understanding policies, their design, and implementation for cloud environments using a DevOps-based framework. You'll discover how to create the necessary automation, its integration, and which stakeholders to involve. Complete with essential concepts, practical examples, and self-assessment questions, this book will help you understand policies and how new technologies such as cloud, microservices, and serverless leverage Policy as Code. You'll work with a custom framework to implement PaC in the organization, and advance to integrating policies, guidelines, and regulations into code to enhance the security and resilience posture of the organization. You'll also examine existing tools, evaluate them, and learn a framework to implement PaC so that technical and business teams can collaborate more effectively. By the end of this book, you'll have gained the confidence to design digital policies across your organizational environment.

What you will learn

  • Understand policies, guidelines, and regulations and how they fit together in an organization
  • Discover current policy-related challenges brought by digital transformation
  • Find out about Open Policy Agent (OPA) and other policy engines for different environments
  • Get to grips with the latest developments in PaC through a review of the literature, toolset, and usage
  • Explore the PaC framework to develop trust at scale, leveraging patterns and best practices
  • Become familiar with tool evaluation and selection using real-world examples


Table of Contents

18 Chapters
Preface
1. Section 1: Foundation
2. Chapter 1: Introduction to Policy Design
3. Chapter 2: Operationalizing Policy for Highly Regulated Industries
4. Chapter 3: Policy as Code a Business Enabler
5. Section 2: Framework
6. Chapter 4: Framework for Digital Policies
7. Chapter 5: Policy for Cloud-Native Environments
8. Chapter 6: Policy Design for Hybrid Environments
9. Chapter 7: Building a Culture of PolicyOps
10. Section 3: Tooling
11. Chapter 8: Policy Engines
12. Chapter 9: A Primer on Open Policy Agent
13. Chapter 10: Policy as Code Tool Evaluation
14. Chapter 11: Cloud Providers Policy Constructs
15. Chapter 12: Integrating Policy as Code with Enterprise Workflows
16. Chapter 13: Real-World Scenarios and Architectures
17. Other Books You May Enjoy
