#Policy Enforcement

The Policy enforcement module is a core governance tool designed to automatically ensure compliance and security across your Google environment. It allows administrators to define and enforce rules that control settings, sharing, and permissions on Google Drives and other services.

The module operates with two distinct policy types, each suited for different scenarios:

• Automatic policies – Proactive, scheduled policies that continuously monitor a pre-defined data scope. They automatically run on a schedule to detect violations without manual intervention.

• On-demand policies – Reactive, manual policies without a fixed scope or schedule. They are explicitly run by an administrator against specific targets in the Administration module, such as an individual shared drive, for one-time spot checks.

Once a violation is detected by the policies, the following operations are available:

• Automatic fix: The system will execute a pre-configured action to resolve the violation without human input.

• Reporting: The violation and its details will be displayed in the Violation Report. Administrators can then manually investigate and decide on the next steps.

• Approval process: The violation is sent through a configurable system-level approval workflow. Stage approvers can then review the details in the system and manually decide the follow-up actions.

• Add to allow list: Add the out-of-policy object to the allow list to exclude it from the monitoring scope.

To create policies and review violations, click Policy enforcement on the left navigation and then refer to the following sections.