Set Up Governance Policies
This guide walks you through creating and deploying a governance policy that automatically responds to sensitive data findings.
Time required: 10 minutes
Prerequisites:
- Editor or Admin role in the Customer Dashboard
- At least one completed scan with findings
Step 1: Navigate to Governance
- In the Customer Dashboard, navigate to Governance > Policies in the sidebar.
- Click Create Policy.
- Select YAML Editor.
Step 2: Write the Policy YAML
Here is an example policy that alerts on high-confidence SSN findings and tokenizes credit card numbers:
apiVersion: slim.io/v1
kind: Policy
metadata:
  name: protect-financial-pii
  description: "Tokenize credit cards, alert on SSNs in production data"
  tags:
    - pci-dss
    - production
spec:
  mode: dry-run
  scope:
    connectors: [] # empty = all connectors
    file_types:
      - csv
      - json
      - parquet
      - xlsx
  conditions:
    - category: Credit Card
      min_confidence: 0.75 # tune for your environment, see Settings > Detection
    - category: SSN
      min_confidence: 0.75 # tune for your environment, see Settings > Detection
  actions:
    - type: tokenize
      config:
        algorithm: aes-256
        key_scope: tenant
    - type: alert
      config:
        channels:
          - slack://security-alerts
        severity: high
Always start with mode: dry-run. This evaluates the policy against existing findings and logs what would happen, without actually executing any actions.
Step 3: Validate
- Click Validate in the editor.
- Slim.io verifies:
  - YAML syntax and schema compliance
  - Referenced connectors exist (if specified)
  - Action configurations are valid
  - No conflicting policies
- Resolve any errors before deploying.
Step 4: Deploy in Dry-Run Mode
- Click Deploy.
- The policy activates in dry-run mode.
- Navigate to Governance > Policies to see the policy in the active list.
- The policy will evaluate against all future scan findings and log matches.
Step 5: Review Dry-Run Results
After the next scan completes (or after you manually trigger a reconciliation):
- Navigate to the policy detail page.
- Review Matched Findings — the findings that would trigger this policy.
- Check that the matches are correct:
  - Are the right categories being matched?
  - Are false positives being included? (Adjust min_confidence if so.)
  - Is the scope correct? (Are findings from expected connectors appearing?)
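The threshold review in Step 5 can be rehearsed offline before touching the deployed policy. The following is an added example, not Slim.io code: it assumes a finding matches when it is inside spec.scope and meets at least one entry in spec.conditions, and the finding field names (id, connector, file_type, category, confidence) and sample findings are constructed for illustration.

```python
# Added example: a local approximation of a dry-run, not Slim.io's evaluator.
# Assumed semantics: a finding matches when it is inside spec.scope AND meets
# at least one entry in spec.conditions. Finding field names are hypothetical.

POLICY_SPEC = {  # mirrors the spec: section of the Step 2 policy
    "mode": "dry-run",
    "scope": {"connectors": [], "file_types": ["csv", "json", "parquet", "xlsx"]},
    "conditions": [
        {"category": "Credit Card", "min_confidence": 0.75},
        {"category": "SSN", "min_confidence": 0.75},
    ],
}

# Constructed sample findings (not real scan output).
FINDINGS = [
    {"id": "f1", "connector": "s3-prod", "file_type": "csv", "category": "SSN", "confidence": 0.97},
    {"id": "f2", "connector": "s3-prod", "file_type": "json", "category": "Credit Card", "confidence": 0.78},
    {"id": "f3", "connector": "gcs-dev", "file_type": "csv", "category": "SSN", "confidence": 0.60},
    {"id": "f4", "connector": "s3-prod", "file_type": "pdf", "category": "Credit Card", "confidence": 0.99},
    {"id": "f5", "connector": "gcs-dev", "file_type": "xlsx", "category": "API Key", "confidence": 0.95},
]

def in_scope(finding, scope):
    connectors = scope.get("connectors") or []  # empty list = all connectors
    file_types = scope.get("file_types") or []  # assumed: empty = all file types
    return ((not connectors or finding["connector"] in connectors)
            and (not file_types or finding["file_type"] in file_types))

def meets(finding, cond):
    return (finding["category"] == cond["category"]
            and finding["confidence"] >= cond["min_confidence"])

def dry_run(spec, findings):
    """Return the ids of findings the policy would act on."""
    return [f["id"] for f in findings
            if in_scope(f, spec.get("scope", {}))
            and any(meets(f, c) for c in spec["conditions"])]

def with_threshold(spec, value):
    """Return a copy of spec with every min_confidence set to value."""
    conds = [dict(c, min_confidence=value) for c in spec["conditions"]]
    return dict(spec, conditions=conds)

if __name__ == "__main__":
    for t in (0.5, 0.75, 0.9):
        print(t, dry_run(with_threshold(POLICY_SPEC, t), FINDINGS))
```

Comparing the match lists across thresholds shows which findings a change to min_confidence would add or drop, and that the out-of-scope pdf finding never matches regardless of confidence.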
Step 6: Switch to Enforced Mode
Once you are satisfied with the dry-run results:
- Edit the policy YAML.
- Change mode: dry-run to mode: enforced.
- Click Deploy to update.
The policy now executes actions (tokenize, alert) on all matching findings from this point forward.
Step 7: Monitor
- Navigate to Governance > Policies to see the policy status.
- Check Last Triggered to see when the policy last executed.
- Review the Audit Log for detailed execution records.
- Monitor Slack (or configured channels) for incoming alerts.
Policy Patterns
Alert-Only Policy
spec:
  mode: enforced
  conditions:
    - category: PHI
      min_confidence: 0.75 # tune for your environment, see Settings > Detection
  actions:
    - type: alert
      config:
        channels:
          - email://compliance@company.com
        severity: medium
Quarantine Public Data
spec:
  mode: enforced
  conditions:
    - risk_score_min: 75
  actions:
    - type: quarantine
    - type: alert
      config:
        channels:
          - slack://security-critical
        severity: critical
Tag for Review
spec:
  mode: enforced
  conditions:
    - category: API Key
      min_confidence: 0.75 # tune for your environment, see Settings > Detection
  actions:
    - type: tag
      config:
        tags: ["needs-review", "api-credential"]
    - type: alert
      config:
        channels:
          - slack://dev-ops
        severity: medium
Next Steps
- Policy-as-Code reference — Full YAML schema documentation
- Drift Detection — Monitor for compliance changes
- Risk Scoring — Understand how risk scores drive policy conditions