Skip to content

Policies and Controls

Policies define governance requirements. Controls are the specific requirements within a policy that teams implement, monitor, declare against, and review.

The policy library is the organization-level view of available policies. Privileged users can create policy templates and apply policies to selected projects.

When a policy is applied to a project, Governance Studio creates a project policy instance. That instance tracks project-specific status, evidence, declarations, reviews, indicators, certificates, and archive state.

Controls are reviewed inside an applied policy. Each control can include:

  • Control title, code, description, and citations.
  • Implementation or monitoring status.
  • Declarations submitted by authorized users or automated workers.
  • Reviews created by reviewers.
  • Evidence attachments.
  • Indicator configuration and evaluation history.