The below is a continuation of the series on the history of Expanso. Today, we're talking about the third and final unchangeable law of data: the ever-tightening web of data controls. Read the whole series starting from Part 1 . The History of Expanso (Part 6): Data Controls are a One-Way Street Back when I was at Chef , I had an idea for a feature that would help people instantly comply with the Sarbanes-Oxley Act . Because I'm a nerd, I dove into the line items to see what we could productize into code. I remember reading through it—sure, that's a good one, oh we could do something there... and then I saw their statements on passwords. Here was a choice line: "Monitoring: Auditing processes and schedules should be developed to address the high-risk areas within the IT organization." What the hell does that even mean? How can anyone build code against "should be developed"? If I have a post-it note that says "we've developed it," are we compliant? It was the opposite of useful.…