Define Domino Governance policies

We are introducing a new role to manage policies with Domino Governance: GovernanceAdmin.

The GovernanceAdmin has unique permissions to create, edit, and publish policies. New policies must be approved before they can be published. In addition to managing policies, the GovernanceAdmin can use the governance dashboard, view the audit trail, monitor compliance, and access the governance APIs.

Note
You’ll need to be assigned the GovernanceAdmin role in order to complete these tasks. CloudAdmins and SysAdmins already have permissions associated with Domino Governance.

Prerequisite

The first thing you should do is assign the GovernanceAdmin role to a couple of users:

  1. In the Admin console, select Manage Resources > Users.

  2. Select the user you want to promote as a GovernanceAdmin.

  3. Click Edit for that user.

  4. Select GovernanceAdmin (Admin role for Governance) from the list of roles.

  5. Click Save.

Define your first policy

Policies in Domino define the lifecycle of a scientific output, such as deploying a model to production, building a statistical analysis, or building an AI system. Policies could be industry standards, corporate risk policies, or regulations.

Policies are created in YAML by the GovernanceAdmin before being attached to governed bundles.

Build Domino governance policies has more robust building blocks for your custom policies.

Option 1: Create a new governance policy from scratch

  1. Go to Govern > Policies and select Create Policy.

  2. From the Policy Template menu, use None (start from scratch).

  3. Name your policy and provide a short description.

  4. Select Create.

  5. In the Code editor, you can copy and paste this example code to create your first policy.

    Example code for policy.
    classification:
      rule:
      artifacts:
        - model-risk
    stages:
      - name: Business Case Development
        evidenceSet:
          - id: Local.business-case
            name: Business Case
            description: Define the business problem and initial risk assessment
            definition:
              - artifactType: input
                details:
                  label: What is the purpose of the model?
                  type: textarea
              - artifactType: input
                details:
                  label: What is the type of the business case?
                  type: select
                  options:
                    - Model development (incl new model)
                    - Model change
        approvals:
          - name: Business Case Sign Off
            allowAdditionalApprovers: true
            approvers:
              - integration-test
            evidence:
              id: Local.business-case-signoff
              name: model-gov-org
              description: Review and approve the business case
              definition:
              - artifactType: input
                details:
                  label: Did you read the business case?
                  type: radio
                  options:
                    - Yes
                    - No
              - artifactType: input
                details:
                  label: Have you discussed the business case with the model owner?
                  type: radio
                  options:
                    - Yes
                    - No
              - artifactType: input
                aliasForClassification: model-risk
                details:
                  label: Do you classify this model as being High, Medium, or Low risk ?
                  type: radio
                  options:
                    - High
                    - Medium
                    - Low
              - artifactType: input
                details:
                  label: Sign-off date
                  type: date
      - name: Requirements Definition
        evidenceSet:
          - id: Local.requirements
            visibilityRule: classificationValue == "High"
            name: Requirements Definition
            description: Define user, input, and output requirements
            definition:
              - artifactType: input
                details:
                  label: Does the purpose of the model change?
                  type: radio
                  options:
                    - Yes
                    - No
                    - Not applicable (new model)
              - artifactType: metadata
                details:
                  label: Upload the listed user requirement.
                  type: file
              - artifactType: input
                details:
                  label: Will the input data change compared to the input date of the current model?
                  type: radio
                  options:
                    - Yes
                    - No
                    - Not applicable (new model)
              - artifactType: metadata
                details:
                  label: Upload the listed input data requirements.
                  type: file
              - artifactType: input
                details:
                  label: Is the input data from an external source?
                  type: radio
                  options:
                    - Yes
                    - No
              - artifactType: input
                details:
                  label: Does the input data include personal information?
                  type: radio
                  options:
                    - Yes
                    - No
              - artifactType: input
                details:
                  label: Will the output data change?
                  type: radio
                  options:
                    - Yes
                    - No
              - artifactType: metadata
                details:
                  label: Upload the listed output data requirements.
                  type: file
              - artifactType: input
                details:
                  label: Does the file format of the output change?
                  type: radio
                  options:
                    - Yes
                    - No
                    - Not applicable (new model)
  6. Update the example code by making a few changes, such as using different stages names or approvers.

  7. Choose Save and then Publish.

Option 2: Create a new governance policy from a template

Domino Governance includes pre-built policy templates. You can use these templates to customize policies for your organization quickly.

  1. Go to Govern > Policies and select Create Policy.

  2. From the Policy Template menu, select a template.

  3. Name your policy and provide a short description.

  4. Select Create.

  5. Verify that the policy workflow looks correct by toggling Graph.

  6. Toggle back to the Code editor.

  7. Update the template by making a few changes, such as using different stages names or approvers.

  8. Choose Save and then Publish.

Toggle Graph to review the policy workflow