Compliance Policies¶
Why This Exists¶
This document defines policies that govern Compliance behavior or react to Compliance events.
Policies make compliance decisions consistent and auditable.
Owner¶
The owner is the Chief Product Officer and Enterprise Architect.
Business Value¶
Policies help Algosure detect gaps, monitor expiry, score readiness, handle AI suggestions, and protect ownership boundaries.
Policy Catalogue¶
| Policy | Runs when | Decision made | Outputs |
|---|---|---|---|
| Compliance Profile Creation Policy | OrganizationRegistered event is consumed. | Whether to create Compliance Profile. | ComplianceProfileCreated. |
| Document Expiry Policy | Document uploaded or scheduled expiry review occurs. | Whether document is valid, expiring, or expired. | Expiry status, alerts, risk. |
| Evidence Verification Policy | Evidence is uploaded or reviewed. | Whether evidence is verified, rejected, or pending. | Verification record. |
| Procurement Readiness Scoring Policy | Evidence, requirements, or profile change. | New readiness score. | ProcurementReadinessScoreUpdated. |
| Compliance Risk Policy | Missing, expired, weak, or conflicting evidence found. | Risk severity and remediation. | ComplianceRiskIdentified. |
| Tender Requirement Policy | Tender requirements are captured. | Requirement applicability and evidence needs. | Tender-specific requirement set. |
| AI Suggestion Review Policy | AISuggestionReceived. | Accept, reject, or request human review. | AISuggestionAccepted or AISuggestionRejected. |
| Cross-Domain Ownership Policy | Other domain requests compliance mutation. | Allow command, reject, or redirect. | Approved command or rejection. |
Policy Flow¶
flowchart TD
Event[Domain Event]
Policy[Compliance Policy]
Decision[Policy Decision]
Command[Compliance Command]
NewEvent[Compliance Event]
Event --> Policy
Policy --> Decision
Decision --> Command
Command --> NewEvent
AI Suggestion Review Policy¶
This policy ensures Intelligence does not directly mutate compliance facts.
AI suggestions must include:
- Source context.
- Confidence score.
- Explanation.
- Evidence references.
- Suggested action.
Compliance decides whether to accept, reject, or request review.