Policy Manager
Successful data governance programs rely on well-defined policies and regulations to safeguard both data and users. Policy Manager simplifies this process by offering a place to create and manage data policies.
Policy Manager allows you to store and show the metadata of your policies and regulations, allowing you to link the metadata to your knowledge graph. It provides an overview of your organization’s governance assets, and key functions to adopt, implement, and monitor the digital policies for your organization.
Policy Manager helps keep your data safe by classifying data based on sensitivity and linking these classifications to specific data. For example, personal information, which requires stringent protection, can be managed efficiently. Your Privacy team can create data classification policies to classify data according to its sensitivity. They can then link the Policy asset to relevant resources to track compliance.
Key benefits
With Policy Manager, you can have an overview of the organization’s governance assets:
- Standards, such as ISO-standards or other local standards.
- External regulations, such as GDPR.
- Entities, such as EBA, ISO, EC, and FDA.
- Internal regulations, such as policies, goals, and constraints.
- Controls, such as a dissemination plan.
- Risks, evaluation, and mitigation, such as privacy risk and market access risk.
- Accreditation and certificates, such as conformance certificates.
You can also have an overview of the policy lifecycle:
- Adoption: See the regulations and the respective regulations, paragraphs, and sections to check the adoption of the applicable regulations throughout the organization.
-
- Risks: Define the risks and their mitigation rules, and trace them to the policies and data assets.
Opening Policy Manager
You can open Policy Manager if you have the Product Rights > Policy Manager global permission. To open Policy Manager, on the main toolbar, click
→
Policy Manager.
Policy Manager contains Governance assets such as business rules, data sharing agreements, policies, and rules. You can create your own view or switch to another view.
Use cases
Policy Manager helps keep your data safe by:
- Classifying data based on sensitivity.
- Connecting these classifications to specific data.
Personal information
In any organization, personal information needs to be adequately protected. Typically, your Privacy team sets up the Data Classification Policy, where they classify the data based on how sensitive or critical it is.
Consider the following three classifications for sensitivity:
- Public data: Least sensitive data.
- Private data: Slightly more sensitive than public data.
- Restricted data: Most sensitive data and therefore needs the highest level of protection.
These classifications help determine what level of security is needed for the applications that store or move the data.
A Policy asset and its standards can be linked to the relevant assets, such as Data assets or Technology assets, through the "complies with" relation.
The following image shows the standard sub-assets of the Data Classification Policy asset.
The following image shows a diagram depicting how the Data Classification Policy asset is cascaded down into logical and physical data layers.
Retention policy
Retention policy defines how long data should be retained. For example, some personal data might need to be stored only for one year. Policy Manager helps enforce these retention policies, ensuring that information is removed when it is no longer needed.
Asset types
Policy Manager uses the following out-of-the-box asset types.
| Asset type | Public ID |
|---|---|
| Governance Asset | GovernanceAsset |
| Data Sharing Agreement | DataSharingAgreement |
| Policy | Policy |
| Standard | Standard |
| Rule | Rule |
| Business Rule | BusinessRule |
Attribute types
Policy Manager uses the following out-of-the-box (OOTB) attribute types. The Used in asset type column represents the OOTB asset types that include the given attribute type in their global assignment by default.
| Attribute type | Public ID | Used in asset type |
|---|---|---|
| Description | Description |
Governance Asset |
|
Data Sharing Agreement |
||
|
Policy |
||
| Standard | ||
| Rule | ||
| Business Rule | ||
| Purpose | Purpose |
Governance Asset |
|
Data Sharing Agreement |
||
|
Policy |
||
| Standard | ||
| Rule | ||
| Business Rule | ||
| Exception Scenario | ExceptionScenario |
Governance Asset |
|
Data Sharing Agreement |
||
|
Policy |
||
| Standard | ||
| Rule | ||
| Business Rule | ||
| Measurement | Measurement |
Governance Asset |
| Policy | ||
| Rule | ||
| Business Rule | ||
| Descriptive Example | DescriptiveExample |
Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| Inclusion Scenario | InclusionScenario |
Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| Effective Start Date | EffectiveStartDate |
Governance Asset |
| Policy | ||
| Rule | ||
| Business Rule | ||
| Effective End Date | EffectiveEndDate |
Governance Asset |
| Policy | ||
| Rule | ||
| Business Rule | ||
| State Changed Date | StateChangedDate | Data Sharing Agreement |
| Note | Note | Policy |
| Standard | ||
| Business Rule | ||
| Scope | Scope | Policy |
| Last Review Date | LastReviewDate | Standard |
| Loaded Rows | LoadedRows | Business Rule |
| Non Conformity Score | NonConformityScore | Business Rule |
| Conformity Score | ConformityScore | Business Rule |
| Passing Fraction | PassingFraction | Business Rule |
| Result | Result | Business Rule |
Relation types
Policy Manager uses the following out-of-the-box (OOTB) relation types. The Used in asset type column represents the OOTB asset types that include the given relation type in their global assignment by default.
| Relation type | Public ID | Used in asset type |
|---|---|---|
| applies to Asset | AssetCompliesToGovernanceAsset |
Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| complies to Governance Asset | AssetCompliesToGovernanceAsset | Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| is grouped by Governance Asset | GovernanceAssetGroupsGovernanceAsset |
Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| groups Governance Asset | GovernanceAssetGroupsGovernanceAsset |
Governance Asset |
| Policy | ||
| Standard | ||
| Rule | ||
| Business Rule | ||
| violated by Issue | GovernanceAssetViolatedByIssue | Governance Asset |
| Rule | ||
| resolves Issue | GovernanceAssetResolvesIssue | Governance Asset |
| Rule | ||
| impacted by Issue | IssueImpactsAsset | Governance Asset |
| Data Sharing Agreement | ||
| Policy | ||
| Standard | ||
| Rule | ||
| is requested by Business Dimension | DataSharingAgreementIsRequestedByBusinessDimension | Data Sharing Agreement |
| requires Data Usage | DataUsageIsRequiredByDataSharingAgreement | Data Sharing Agreement |
| includes Standard | StandardIsIncludedInPolicy | Policy |
| Standard | ||
| is enforced by Rule | PolicyIsEnforcedByRule | Policy |
| Standard | ||
| is enforced by Managed Control | ManagedControlEnforcesPolicy | Policy |
| applies to Compliance Target | ComplianceTargetCompliesToPolicy | Policy |
| is included in Policy | StandardIsIncludedInPolicy | Standard |
| governs Asset | AssetGovernedByGovernanceAsset | Business Rule |
| governed by Governance Asset | AssetGovernedByGovernanceAsset | Business Rule |