Organization Policies¶
Why This Exists¶
This document defines policies that govern Organization Domain behavior or react to Organization events.
Policies translate domain rules into business decisions and automated or assisted reactions.
Owner¶
The owner is the Chief Product Officer and Enterprise Architect.
Policy ownership belongs to the Organization Domain unless a policy explicitly delegates action to another domain.
Business Value¶
Policies create business value by making Organization behavior consistent, auditable, and reusable across workflows, AI reasoning, APIs, and downstream domains.
Policy Catalogue¶
| Policy | Runs when | Decision made | Outputs |
|---|---|---|---|
| Organization Activation Policy | OrganizationRegistered, OrganizationProfileUpdated. | Whether Organization can become Active. | Activation decision or profile gap list. |
| Profile Completeness Policy | Profile created or updated. | Whether required profile sections are complete. | Completeness score and missing fields. |
| Capability Verification Policy | CapabilityAdded or evidence updated. | Whether capability status can change to verified. | Verification status and evidence notes. |
| AI Suggestion Review Policy | AI suggests profile, capability, preference, or memory updates. | Whether suggestion is accepted, rejected, or held for review. | Reviewed fact or review task. |
| Organization Suspension Policy | Risk, billing, compliance, or admin trigger occurs. | Whether Organization should be suspended. | Suspension event or no-action decision. |
| Data Ownership Policy | Cross-domain write request occurs. | Whether requested change belongs to Organization or another domain. | Accept, reject, or redirect decision. |
| Cross-Domain Reference Policy | Another domain references Organization data. | Whether reference is valid and current. | Reference approval, read model update, or error. |
Policy Flow¶
flowchart LR
Event[Domain Event]
Policy[Organization Policy]
Decision[Policy Decision]
Command[Command or Task]
NewEvent[Follow-up Event]
Event --> Policy
Policy --> Decision
Decision --> Command
Command --> NewEvent
Organization Activation Policy¶
This policy determines whether an Organization can move to Active.
It considers:
- Required profile fields.
- Primary owner.
- Contact details.
- Verification requirements.
- Suspension or archive constraints.
- Minimum procurement readiness requirements.
Profile Completeness Policy¶
This policy computes completeness using profile sections that matter to procurement.
Completeness should consider:
- Identity.
- Contacts.
- Addresses.
- Services and products.
- Capabilities.
- Evidence.
- Procurement preferences.
Capability Verification Policy¶
This policy evaluates whether an Organization capability has sufficient evidence to be verified.
Evidence may include certifications, licences, equipment, staff, fleet, past projects, and client references.
AI Suggestion Review Policy¶
This policy governs AI-enriched Organization facts.
AI suggestions must be traceable, reviewable, and reversible. AI must not silently convert uncertain facts into canonical Organization truth.
Data Ownership Policy¶
This policy protects One Concept, One Owner.
If another domain attempts to change Organization-owned data, the policy decides whether the request should be accepted through Organization APIs, rejected, or redirected.
Cross-Domain Reference Policy¶
This policy governs references from other domains to Organization data.
It ensures downstream domains use OrganizationId and authorized read models instead of duplicating Organization ownership.