Policies
A policy is a named business rule, designed to alert the policy owner of specific conditions detected in metadata in the SmallID database. For example, a policy can be related to monitoring and compliance with:
- Regulations (such as GDPR for Europe),
- Industry standards (such as DSS/PCI for credit card data),
- General security for data protection, or Conditions related to your specific needs.
View policies
There are many predefined policies available to be enabled out-of-the-box. In order to list them, navigate to Action Center -> Policies. In SmallID, enabled policies are defined by the regulations selected in the startup wizard.
Enabled policies and traffic light pattern
Enabled policies follow a traffic light paradigm. A red light means the data conditions represented have been met, and action is required. We refer to a policy in this state as having been “triggered.” An enabled policy that is not triggered appears with a green light, which means data conditions that might require attention have not been detected. A green light for a policy that represents a requirement is not a perfect indicator of compliance, since evaluation is based on metadata that is most likely informed by a sample from your data sources, rather than analysis of every file or database record.
Policy types
Policy Type determines what the query counts:
- Privacy causes the query to count metadata records in the SmallID database,
- Access Governance causes the query to count objects (tables or files) that contain Personal Information (PI)
- Catalog causes the query to count objects regardless of whether they contain PI.
Create your own policy
Navigate to action center -> policies:
You can now get an alert when new findings match your criteria.