About Policy Manager

Successful data governance programs rely on well-defined policies and regulations to safeguard both data and users. Policy Manager simplifies this process by offering a place to create and manage data policies.

Policy Manager allows you to store and show the metadata of your policies and regulations, allowing you to link the metadata to your knowledge graph. It provides an overview of your organization’s governance assets, such as Standards, Regulations, and Risks. It also provides key functions to adopt, implement, and monitor the digital policies for your organization.

Policy Manager helps keep your data safe by classifying data based on sensitivity and linking these classifications to specific data. For example, personal information, which requires stringent protection, can be managed efficiently. Your organization’s Privacy team can create Data Classification Policies to classify data according to its sensitivity. They can then link the Policy asset to relevant resources to track compliance.

Note Policy and Standard assets can be created only in the domains of type Policy Domain.
Important 

In Collibra 2024.05, we launched a new user interface (UI) for Collibra Platform! You can learn more about this latest UI in the UI overview.

Use the following options to see the documentation in the latest UI or in the previous, classic UI:

In this topic

Key features

With Policy Manager, you can easily have the following:

  • An overview of the enterprise’s governance assets.
    • Standards, such as ISO-standards or other local standards.
    • External regulations, such as GDPR.
    • Entities, such as EBA, ISO, EC, and FDA.
    • Internal regulations, such as policies, goals, and constraints.
    • Controls, such as a dissemination plan.
    • Risks, evaluation, and mitigation, such as privacy risk and market access risk.
    • Accreditation and certificates, such as conformance certificates.
  • An overview of the policy lifecycle:
    • Adoption: See the regulations and the respective regulations, paragraphs, and sections to check the adoption of the applicable regulations throughout the enterprise.
    • Compliance: Monitor how the enterprise’s data governance program can be traced to the policies and if there are compliance gaps.
    • Risks: Define the risks and their mitigation rules, and trace them to the policies and data assets.

How to open Policy Manager

You can open Policy Manager if you have the Product Rights > Policy Manager global permission. To open Policy Manager, on the main toolbar, click Products iconPolicy Manager.

Policy Manager contains Governance assets such as Business Rules, Data Sharing Agreements, Policies, and Rules. You can also create your own view or switch to another view.

Image of Policy Manager

Policy Manager tabs

Image of Policy Manager

Tab Description

Governance Assets

A table with Governance assets.

Metrics

A variety of statistics related to how the assets of the application are used.

Policy Manager use cases

Policy Manager helps keep your data safe by:

  • Classifying data based on sensitivity.
  • Connecting these classifications to specific data.

Personal information

In any organization, personal information needs to be adequately protected. Typically, your Privacy team sets up the Data Classification Policy, where they classify the data based on how sensitive or critical it is.

Consider the following three classifications for sensitivity:

  • Public data: Least sensitive data.
  • Private data: Slightly more sensitive than public data.
  • Restricted data: Most sensitive data and therefore needs the highest level of protection.

These classifications help determine what level of security is needed for the applications that store or move the data.

A Policy asset and its standards can be linked to the relevant assets, such as Data assets or Technology assets, via the complies with relation.

The following image shows the standard subassets of the Data Classification Policy asset.

Types of data

The following image shows a diagram depicting how the Data Classification Policy asset is cascaded down into logical and physical data layers.

Image of a Data Classification Policy diagram

Retention policy

Retention policy defines how long data should be retained. For example, some personal data might need to be stored only for 1 year. Policy Manager helps enforce these retention policies, ensuring that information is removed when it is no longer needed.

Image of a Retention Policy