We're excited to announce the release of Policies, a powerful new feature in Secoda designed to strengthen your data governance capabilities. With Policies, you can enforce compliance standards across your data resources, ensuring consistency, security, and regulatory alignment.

What are Policies?

With Policies, you can set governance rules that automatically track compliance across your data resources. If a resource fails to meet your policy conditions, it will be flagged for remediation, ensuring a streamlined governance workflow.

How Policies work: Structure and templated frameworks

Each policy in Secoda is built around three key components: the resources it governs, the conditions that define compliance, and the actions taken when those conditions aren't met. For example, a policy might flag any production table containing PII that doesn’t have an assigned owner. These conditions are fully customizable and can trigger automated remediation steps or notify responsible teams.

To simplify implementation, Secoda organizes policies using predefined compliance frameworks such as SOC2, GDPR, and ISO27001. This templated approach helps organizations get started quickly with common governance requirements without having to start from scratch. Policies can be tailored to reflect your data stack and internal standards, which reduces friction and helps accelerate adoption across the organization.

Additionally, many governance policies naturally overlap with Data Quality Score (DQS) checks. This integration ensures that policies don’t just enforce compliance but also contribute to improving overall data quality. By combining policy enforcement with data quality monitoring, organizations can proactively prevent governance issues before they become major risks.

This structure makes it easy to move from policy intent to enforcement. The next section walks through how to create and manage policies in Secoda step by step.

How to create and manage Policies

Step 1: Access and create

Policies can be accessed from the left-hand sidebar in Secoda. The creation workflow follows a similar pattern to our monitoring and integration features, with intuitive steps to guide you through the process.

Click Create Policy to start the setup.

Step 2: Define the basics

Start by providing essential information:

1. Enter a policy name (e.g., "PII Requires Owner").
2. Provide a description of the policy (e.g., "Any resource in the production schema that has PII must have an owner").
3. Select the compliance framework(s) (e.g., HIPAA, GDPR) from a static list.
4. Choose the severity level (e.g., Low, Medium, High).

Step 3: Define scope & resources to govern

1. Set the scope of the policy by selecting the resources it will govern.
2. Add filters to specify which resources fall under this policy (e.g., filtering for resources in the "Production" schema).
3. Include additional conditions (e.g., ensuring that the resource contains PII).
4. Preview the filtered resources to confirm they align with the intended scope.

Step 4: Set governance conditions

This is the heart of your governance policy:

• Define the conditions that must be met for compliance (e.g., ensuring an "Owner" is set for all selected resources).
• These conditions determine which resources will be flagged for remediation.

Step 5: Define remediation steps

Specify how to address non-compliant resources:

• If conditions are not met, specify remediation steps (e.g., set the owner field).
• Optionally, link automations to trigger actions based on non-compliance.

Step 6: Add subscribers

Optionally, assign subscribers to receive policy notifications.

Step 7: Activate

Click Create Policy to finalize and activate it.

This template-based approach helps organizations implement governance policies efficiently, ensuring alignment with compliance frameworks while allowing for customization.

Managing Policy compliance

Once created, the Policy overview page provides visibility into:

• Key details: Name, description, severity, and frameworks.
• Governance specifications and conditions: Requirements that must be met.
• Remediation and Issues: A tab that highlights any policy violations so teams can quickly track, resolve, and monitor compliance over time.

For example, if your policy requires PII resources to have owners, the system will identify resources like "dim_customers" that lack this information, allowing you to quickly address compliance gaps.

As best practice, we recommend reviewing policies regularly, using clear naming, and keeping an eye on the Issues tab to stay ahead of compliance gaps.

Find our full documentation on Policies here.

Ready to streamline your data governance?

‍Try out Policies in Secoda or talk to our team to see how they can help you enforce compliance, improve data quality, and simplify policy management at scale.

‍