Skip to main content

Overview

When policies evaluate a trace, they produce assessments. These assessments are attached to the trace and visible in review tasks.

Assessment Components

Compliance Status

Compliant - Trace meets policy requirements Non-Compliant - Trace violates policy or needs review

Risk Level

Low - Minimal risk Medium - Some risk, may need attention High - Significant risk, likely needs review Critical - Major violation

Confidence Score

0.0 - 1.0 - How confident the policy is in its assessment Higher scores indicate more certainty

Recommendation

Auto-Approve - Safe to proceed Human Intervention - Needs human review

Additional Fields

Reason

A clear explanation of why the assessment was made: 
"This trace processes personal data (email address) without
explicit consent documentation in the metadata."

Tags

Categorization labels from the policy:
TagMeaning
#PersonalDataContains personal information
#FinancialDataFinancial transactions or data
#SpecialCategoryGDPR special category data
#HighValueHigh-value operation
#SensitiveContentSensitive subject matter

Metadata

FieldDescription
Policy IDWhich policy produced this assessment
Policy VersionExact version used
Evaluated AtTimestamp of evaluation

Using Assessments in Workflows

Workflow triggers can use assessment data: 
# Policy Trigger
Trigger when: GDPR Policy
Condition: Non-compliant
Risk Level: High or Critical

# Conditional Trigger
Field: assessment.riskLevel
Operator: equals
Value: "Critical"

Multiple Assessments

A trace can have multiple assessments (one per active policy): 
Trace: "Send promotional email to user"
├── GDPR Assessment: Non-compliant, High risk
├── Bias Assessment: Compliant, Low risk
└── Custom Policy: Compliant, Low risk
Workflows can trigger on any of these assessments.

Assessment Process

How assessments are created

Understanding Policies

Configure what policies evaluate