Skip to content

Projects, Policies, and Controls

Governance Service provides the product model for projects, policies, applied policies, and controls. Governance Studio uses these same workflows.

A project groups governance work for a product, system, deployment, or customer-defined scope. Project membership controls who can view or change the project’s data.

The policy library stores reusable policies. Applying a policy to a project creates an applied policy and a project-specific set of controls.

Applied policies are active governance work in a project. They track implementation status, monitoring signals, declarations, reviews, report generation, and credentials.

Applied policies can be archived when governance work is complete. Archiving should happen only after required reports, evidence, indicators, and credentials have been reviewed.

Controls are the individual requirements users implement and review. Controls can collect declarations, attachments, reviewer comments, outcomes, indicator evaluations, and generated declarations.

Integrations should preserve the project context for every governance action. Do not move evidence or monitoring results across projects unless the product workflow explicitly supports that transfer.