Projects, Policies, and Controls
Governance Service provides the product model for projects, policies, applied policies, and controls. Governance Studio uses these same workflows.
Projects
Section titled “Projects”A project groups governance work for a product, system, deployment, or customer-defined scope. Project membership controls who can view or change the project’s data.
Policy Library
Section titled “Policy Library”The policy library stores reusable policies. Applying a policy to a project creates an applied policy and a project-specific set of controls.
Applied Policies
Section titled “Applied Policies”Applied policies are active governance work in a project. They track implementation status, monitoring signals, declarations, reviews, report generation, and credentials.
Applied policies can be archived when governance work is complete. Archiving should happen only after required reports, evidence, indicators, and credentials have been reviewed.
Controls
Section titled “Controls”Controls are the individual requirements users implement and review. Controls can collect declarations, attachments, reviewer comments, outcomes, indicator evaluations, and generated declarations.
Integrator Guidance
Section titled “Integrator Guidance”Integrations should preserve the project context for every governance action. Do not move evidence or monitoring results across projects unless the product workflow explicitly supports that transfer.