Manage policy template
Overview
Policy template is defined as any template that adheres to the compliance regulations for your organization. You use the template to maintain consistency while developing, implementing, and maintaining policies within your company.
inSync provides a few predefined policy templates, and the ability to create policy templates to address your organization's requirements. You cannot delete a predefined policy template; however, you can modify or delete a
The following table provides information about all the templates specific for a geographical region.
Region | Template |
---|---|
Global | Financial data |
Personally Identifiable Information (PII) | |
USA | Document Classification |
Personally Identifiable Information (PII) | |
California Consumer Privacy Act (CCPA) | |
HIPAA | |
Personal Health Information (PHI) | |
UK | Document Classification |
UK National Health Service | |
Personally Identifiable Information (PII) | |
Germany | Document Classification |
Personally Identifiable Information (PII) | |
South Africa | Document Classification |
Japan | Document Classification |
Personally Identifiable Information (PII) |
As an inSync Cloud administrator or legal administrator, you can specify the following while creating or editing a policy template:
- Scan files based on Multipurpose Internet Mail Extensions (MIME) types to cover against rogue or malicious end users trying to change the extensions of files with sensitive data.
You can configure a list of file types that are to be indexed or index all backup data when creating a compliance policy. inSync then filters the files that are to be indexed on MIME Types and not on the file extensions. You can select a parent category of MIME types which includes all the MIME types included in the selected category by default. inSync will then start reporting violations for the respective file types after the next backup schedule if there any updates to the MIME types once a compliance policy is created. Here is the list of file extensions that inSync scans to report compliance violations.
Note: The selected MIME types are also applicable to email attachments.
- Specify a threshold value for the sensitive data
If the count of sensitive data type found in file or email exceeds the threshold value configured for that sensitive data type in any of the applicable policy
templates , then inSync marks the violation as Critical. Else inSync marks the violation as Normal.
Create a custom policy template
Overview
In addition to the predefined policy templates, you can create a custom policy template to address your organization's intellectual property policies or any other requirements.
Procedure
To create a compliance policy template:
- Click the
icon to access the Global Navigation Panel and select Sensitive Data Governance . The Sensitive Data Governance overview page is displayed.
- On the Sensitive Data Governance page, click Configure > Templates. The Templates page opens. This page includes both predefined and custom policy templates.
- Click
New Template. The New Template page appears. - Under the General section, enter the following information:
Field Description Template Name
The name of the policy template.
This is a mandatory field.
Description
The description of the policy template.
This is an optional field.
- Under the Violation Rule section, click Add Sensitive Data and enter the following information:
Field Description Region
Select the region to associate with the policy template.
Sensitive Data Category Select the sensitive data category that is available for the selected region. Sensitive Data
Select the sensitive data that is available for the selected category.
Notes:
- You can associate single or multiple sensitive data to the policy template.
- However, if you add multiple sensitive data that are applicable to different geographic regions, then the template will be set by default to Global region.
- The policy template must be associated to at least one sensitive data.
Critical Threshold Count
Specify the threshold count for the sensitive data type.
Critical Threshold Count defines condition when the violation severity will be marked as critical. The default value is 10.
Example:
When set to 10 (default), detection of 10 occurrences of sensitive data will mark given violation as critical.
- Click Add. The sensitive data is added to the policy template.
- If you have added multiple sensitive data types, inSync displays the Raise Violations if section with the following options:
- At least one
sensitive data present in a document: Select if you want inSync to raise a violationif any of the defined violation rules match the data present in a document. - All sensitive data present in a document: Select if you want inSync to flag a violation if all of the defined violation rules match the data present in a document.
- At least one
- Under the File Inclusion section, select the list of file types that you want to index when creating a compliance policy. Only files under the selected MIME types will be scanned for compliance violations.
- Click Save.
A custom policy template is created and is displayed on the Templates page.
Test new template rule
You can validate any predefined or custom template to verify if it's working as expected. For validation, you can use sample files that inSync must report violations, for, that template. During the check, inSync displays the previews of the violations for each file.
- inSync displays a maximum of 15 violation previews for each file.
- You can upload a maximum of 10 files to test template rules.
- The maximum size of all files should not exceed 10 MB.
The following options are available to test templates:
- While creating a custom template: When you create a custom template, you can use the Test Rule option to check the violations that the template will report. Select the files that you want to scan for violations associated with this policy template, and click View Violations. inSync scans the files and displays the preview of violations in each file.
- Testing existing custom template: Click the name of the custom template data that you want to validate and click Edit. Make the desired changes in the template rules and click Next. Select the files that you want to scan for violations associated with this policy template, and click View Violations. inSync scans the files and displays the preview of violations in each file.
View the list of policy templates
You can view all the available policy templates, which includes both predefined and custom templates.
To view the list of compliance policy templates:
- Click the
icon to access the Global Navigation Panel and select Sensitive Data Governance . The Sensitive Data Governance overview page is displayed.
- On the Sensitive Data Governance page, click Configure > Templates. The Templates page opens. This page includes both predefined and custom policy templates.
Modify a policy template
Overview
As a cloud administrator, you can modify both predefined and custom compliance policy templates.
Procedure
To modify a compliance policy template:
- Click the
icon to access the Global Navigation Panel and select Sensitive Data Governance . The Sensitive Data Governance overview page is displayed.
- On the Sensitive Data Governance page, click Configure > Templates. The Templates page opens. This page includes both predefined and custom policy templates.
- To modify the file inclusion settings, click Edit in the File Inclusion area and do the following:
- Select the list of file types that you want to index when creating a compliance policy. Only those files under the selected MIME types will be scanned for compliance violations.
- Click Done.
- To modify the sensitive data settings, click Edit in the Violation Rule area and do the following:
- Specify the threshold count for the sensitive data type.
inSync identifies critical files as those files in which the sensitive data is equal to or greater than the critical threshold specified for the sensitive data.
- Change the Violation Criteria settings if required.
- Specify the threshold count for the sensitive data type.
- Click Done.
Delete a policy template
Overview
As a cloud administrator, you can delete a custom policy template. However, you cannot delete the predefined policy templates that are shipped along with inSync.
Note: You cannot delete a custom policy template, if it is associated with one or more policies.
Procedure
To delete a policy template
- Click the
icon to access the Global Navigation Panel and select Sensitive Data Governance . The Sensitive Data Governance overview page is displayed.
- On the Sensitive Data Governance page, click Configure > Templates. The Templates page opens. This page includes both predefined and custom policy templates.
- Click the required custom policy template that you want to delete. The details of that policy template
appears . - Click Delete.
- On the confirmation message that appears, click Yes.
The custom policy template is deleted from inSync.