Enforcement
Enforcement provides compliance monitoring for published policies. Once a policy reaches Published status, the Enforcement module tracks compliance posture through KPI and KRI definitions, monitors compliance incidents, and provides a consolidated view of policy effectiveness across the organization.
Enforcement applies to policies that have reached Published status in the Policy Library. Implementation progress for individual controls is tracked through Control Mapping.
Enforcement view
Navigate to Policy Lifecycle > Enforcement to see all published policies with their compliance status. This view provides an at-a-glance overview of enforcement posture across the organization. An enforcement stats bar at the top summarizes key metrics including total published policies, compliance rates, and open incidents.
Compliance tracking
Each published policy tracks three dimensions of compliance:
- Compliance Status — the overall compliance posture for the policy, reflecting control implementation and incident history
- KPI Definitions — Key Performance Indicators that measure policy effectiveness, stored as JSON and configurable per policy
- KRI Definitions — Key Risk Indicators that flag emerging compliance risks, stored as JSON and configurable per policy
KPIs and KRIs are defined at the individual policy level, allowing each policy to have metrics tailored to its specific compliance requirements.
Compliance incidents
When a policy violation or compliance gap is identified, it is tracked as a compliance incident linked to the relevant policy.
Incident severity
| Severity | Description |
|---|---|
| LOW | Minor deviation with limited impact |
| MEDIUM | Notable compliance gap requiring attention |
| HIGH | Significant violation with potential business impact |
| CRITICAL | Severe breach requiring immediate remediation |
Incident status
| Status | Description |
|---|---|
| OPEN | Incident identified and awaiting response |
| IN_REMEDIATION | Corrective actions are underway |
| RESOLVED | Remediation completed and verified |
| CLOSED | Incident fully resolved and documented |
Permissions
| Permission | Access |
|---|---|
| policy:manage | Create and manage compliance incidents, configure KPI/KRI definitions, update compliance status |
| policy:read | View enforcement status, compliance metrics, and incident history |