Policy as Code (PoC) is current in vogue. This method extends the principles of Infrastructure as Code to security policies, enabling teams to manage policies with the same tools and processes they use for code, such as version control, code review, continuous integration, and deployment. PoC facilitates dynamic and granular security controls that can adapt to changes in real-time, enhancing both security posture and operational agility. But does PoC actually insurce critical technical management or operational oversight? For what organizations or use cases is it best suited?