Policies: How they work in Safetica ONE 11

Protect your data, control app behavior and the use of websites via policies.

In the Protection section, you will find lists of policies for the protection of data, controlling the use of applications, and controlling web visits. You can also set up auditing policies for recording data-related operations.


In all the Protection tabs, you can see lists of policies with:

The priority each policy has.

You can change policy priority by drag-and-dropping them to their correct position.

The state of the policy, which can be either Enabled or Disabled.

Disabled policies are skipped during evaluation.

By clicking a policy, you will display its detail.

Every policy can be applied to specific users, devices, or teams.


How policies work in Safetica ONE 11

Policies in Safetica ONE 11 are prioritized and evaluated from the top to the bottom of the policy list.

  • First match always applies. 
  • If a policy is matched, the policy action is performed.
  • Each policy has several sections (e.g. destination types or users), which are evaluated separately.
  • A policy is matched when ALL its sections are matched (AND relationship).
  • If no match is found for a policy, the evaluation continues with lower-priority policies until a matching policy is found.
  • If no matching policy is found, no action is taken.

A new policy is always placed to the top of the policy list. You can then prioritize it by drag-and-dropping it to its correct position.


Example: When a policy is found with a first-match rule for upload, the action assigned to that rule will be performed, and upload will not be evaluated any further. Evaluation will continue, however, for other operations (e.g. for email). These will be evaluated by policies placed lower in the list until a first match is found. 



Example: An admin has 3 policies. A user from the Graphics team uploads a file. A policy that does not contain the Graphics team is skipped. Another policy contains the Graphics team, but does not contain Web upload, so it is skipped. The third policy is a general one for the whole company, so it is applied.


This logic is used in all the policy tabs.


Read next:

Data classification in Safetica ONE 11

Policies: How to create them

Auditing policies: what are they

Data policies: how they work