Policies
Create and manage governance policies to enforce compliance, security, and quality standards across your platform.
How to Create a Policy
Step 1: Navigate to Governance
- Click Governance in the main navigation
- Click Create Policy button
Step 2: Define Policy Basics
Policy Metadata:
- Name: Descriptive policy name (e.g., "Production Deployment Approval")
- Description: Purpose and scope of policy
- Version: Semantic version (e.g., 1.0.0)
- Category: Security, Compliance, Quality, or Operational
- Severity: Critical, High, Medium, Low, or Info
- Applicable Resources: Solution, Workflow, Application, Model, Dataset, API
Step 3: Configure Stages
Policies consist of sequential or parallel stages that resources must complete. Each stage can have:
Stage Fields
Define custom form fields for each stage:
- Field Types: text, textarea, richtext, radio, checkbox, dropdown, multiselect, file upload, number, date, datetime, URL, email
- Validation: Required fields, regex patterns, min/max values, custom validators
- Conditional Display: Show/hide fields based on other field values
- Help Text: Guidance for completing each field
Stage Validators
Assign approvers to each stage:
- Validator Types: Specific user, role (e.g., Admin), or group
- Approval Logic (for groups): All must approve, any one can approve, or majority vote
- Delegation: Allow validators to delegate to others
- Escalation Rules: Auto-escalate if not approved within X hours
- Notifications: Email, in-app, or digest notifications
Stage Configuration
- Order: Sequential position in workflow
- Dependencies: Which stages must complete first
- SLA: Expected completion time in hours
- Required: Can this stage be skipped?
- Parallel Execution: Run simultaneously with other stages
Step 4: Set Enforcement Rules
Define how policy violations are handled per environment:
| Action | Behavior |
|---|---|
| Hard Block | Resource cannot be deployed/promoted until policy completes |
| Soft Block | Warn user, but allow override with justification |
| Warning | Log warning, allow deployment to proceed |
| Post Review | Allow deployment, require policy completion afterward |
Step 5: Activate Policy
- Review all stages and validation rules
- Save as Draft to test with sample resources
- When ready, toggle Active to enforce policy
- Share with specific users or teams who should see this policy
Policy Examples
Production Deployment Approval
Purpose: Require approval before deploying to production
Stages:
- Security Review: Security team validates security requirements
- Technical Approval: Lead engineer approves technical implementation
- Business Approval: Product owner confirms business requirements met
Enforcement: Hard Block in Production, Warning in Development
Data Privacy Compliance
Purpose: Ensure data handling complies with privacy regulations
Stages:
- Data Classification: Classify data sensitivity level
- Privacy Impact Assessment: Document privacy implications
- Legal Review: Legal team approves data handling procedures
Enforcement: Hard Block in all environments
Model Validation
Purpose: Validate ML model performance before deployment
Stages:
- Performance Metrics: Document model accuracy, precision, recall
- Bias Analysis: Assess model for bias across protected groups
- Model Approval: Data science lead approves deployment
Enforcement: Hard Block in Production, Soft Block in Staging
Policies with "Hard Block" enforcement will prevent resource deployment until all stages are completed. Use carefully in development environments.