Compliance
Track compliance status, generate compliance reports, and maintain audit trails for regulatory requirements.
Compliance Dashboard
Monitor overall compliance health:
Key Metrics
- Compliance Rate: Percentage of resources with completed policies
- Active Policies: Total number of enforced policies
- Pending Approvals: Approvals requiring your action
- Critical Violations: High-priority compliance issues
- Average Time to Compliance: Mean time to complete policies
Compliance by Category
Track compliance across different areas:
- Security: Security policies and reviews
- Data Privacy: Data handling and privacy policies
- Quality Assurance: Code quality and testing policies
- Operational: Deployment and operational policies
Compliance Reporting
Generate Compliance Reports
- Go to Governance → Compliance → Reports
- Click Generate Report
- Configure report parameters:
  - Report Type: Summary, Detailed, or Audit Trail
  - Date Range: Last month, quarter, year, or custom
  - Scope: All resources or filtered by tags/teams
  - Format: PDF, CSV, or Excel
- Click Generate
- Download the report when it is ready
Report Types
Summary Report
- High-level compliance statistics
- Compliance rates by category
- Top violated policies
- Trends over time
Detailed Report
- Resource-level compliance status
- Policy instance details
- Approval history
- Violations and exceptions
Audit Trail Report
- Complete change history
- User actions and timestamps
- Approval/denial reasons
- Override justifications
Audit Logging
Comprehensive audit trail for all governance activities:
Logged Events
- Policy Changes: Create, update, delete, activate, deactivate
- Policy Instances: Apply, submit, approve, deny, override
- Promotions: Environment promotion attempts and results
- Overrides: Admin overrides with justifications
- Configuration Changes: Stage updates, validator changes
Audit Log Details
Each log entry includes:
- Timestamp: When the action occurred
- User: Who performed the action (name, email, ID)
- IP Address: Source IP of the request
- User Agent: Browser/client information
- Action: Type of action performed
- Entity: What was changed
- Previous State: State before the change
- New State: State after the change
- Reason: User-provided justification (if applicable)
Searching Audit Logs
- Go to Governance → Audit Logs
- Use filters to narrow down results:
  - Entity Type: Policy, Instance, Promotion, etc.
  - Action Type: Create, Update, Approve, Deny, Override
  - User: Filter by specific user
  - Date Range: Time period
  - Resource: Filter by specific resource
- Click search to view results
- Export results for compliance documentation
Compliance Best Practices
Establish Clear Policies
- Define policies early in the project lifecycle
- Document policy purpose and requirements
- Communicate policies to all team members
- Regularly review and update policies
Enforce Consistently
- Apply the same policies to similar resources
- Use Hard Block for critical compliance requirements
- Use Soft Block or Warning for guidelines
- Don't create policy exceptions without justification
Monitor Compliance Metrics
- Review compliance dashboard weekly
- Address critical violations immediately
- Track trends to identify systemic issues
- Celebrate improvements in compliance rates
Maintain Audit Trail
- Never delete audit logs
- Export logs regularly for archival
- Retain logs per regulatory requirements
- Review logs during audits and investigations
Conduct Regular Reviews
- Quarterly policy effectiveness reviews
- Annual compliance audits
- Access reviews for validators
- Policy coverage assessments
Regulatory Compliance
Common Frameworks
Governance features support compliance with:
- SOC 2: Security, availability, confidentiality controls
- HIPAA: Healthcare data privacy and security
- GDPR: EU data protection requirements
- ISO 27001: Information security management
- PCI DSS: Payment card industry standards
Compliance Requirements
Map policies to regulatory requirements:
- Identify applicable regulations
- Document specific requirements
- Create policies that enforce requirements
- Tag policies with compliance framework
- Generate compliance reports by framework
Exceptions and Overrides
When to Use Overrides
- Emergency production fixes
- Time-sensitive business requirements
- Policy refinement periods
- Exceptional circumstances
Override Process
- Admin attempts promotion/deployment
- System shows compliance blockers
- Admin provides override justification
- System logs override with reason
- Compliance team reviews overrides weekly
Override Tracking
Monitor all overrides:
- Override count by user
- Override reasons and categories
- Resources with most overrides
- Override trends over time
Important
Overrides should be rare exceptions, not standard practice. Frequent overrides indicate policies may need adjustment or teams need additional training.
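An added example, not part of the product or its documentation: one way to produce the override tracking figures above from an exported audit log, and to flag overrides whose justification is missing or too short to audit. The CSV layout, the column names and both thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names mirror the audit log fields listed
# on this page; the real export layout is an assumption.
SAMPLE_EXPORT = """timestamp,user,action,entity,resource,reason
2024-05-06T09:12:00Z,alice@example.com,Override,Promotion,payments-api,Emergency production fix for checkout outage
2024-05-06T11:40:00Z,bob@example.com,Approve,Instance,payments-api,
2024-05-07T15:03:00Z,alice@example.com,Override,Promotion,payments-api,
2024-05-08T08:55:00Z,carol@example.com,Override,Promotion,search-svc,n/a
2024-05-09T17:21:00Z,alice@example.com,Override,Promotion,billing-ui,Time-sensitive business requirement: quarter-end release
"""

MIN_REASON_LEN = 15   # assumed minimum length of a meaningful justification
USER_THRESHOLD = 3    # assumed override count per review period that warrants follow-up


def review_overrides(export_text):
    """Summarise override events for the weekly compliance review."""
    by_user, by_resource, weak = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["action"].strip().lower() != "override":
            continue
        by_user[row["user"]] += 1
        by_resource[row["resource"]] += 1
        reason = (row["reason"] or "").strip()
        # An override with no usable justification leaves a gap in the audit trail.
        if len(reason) < MIN_REASON_LEN:
            weak.append((row["timestamp"], row["user"], row["resource"]))
    frequent = sorted(u for u, n in by_user.items() if n >= USER_THRESHOLD)
    return {
        "by_user": dict(by_user),
        "by_resource": dict(by_resource),
        "weak_justification": weak,
        "frequent_overriders": frequent,
    }


if __name__ == "__main__":
    report = review_overrides(SAMPLE_EXPORT)
    for key, value in report.items():
        print(f"{key}: {value}")
```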