Policies: How they work in Safetica ONE 11

Protect your data, control app behavior and the use of websites via policies.

In the Protection section, you will find lists of policies for the protection of data, controlling the use of applications, and controlling web visits. You can also set up auditing policies for recording data-related operations.

In all the Protection tabs, you can see lists of policies with:

The priority each policy has.

The state of the policy, which can be either Enabled or Disabled.

By clicking a policy, you will display its detail.

Every policy can be applied to specific users, devices, or teams.

How policies work in Safetica ONE 11

• First match always applies. 
• If a policy is matched, the policy action is performed.
• Each policy has several sections (e.g. destination types or users), which are evaluated separately.
• A policy is matched when ALL its sections are matched (AND relationship).
• If no match is found for a policy, the evaluation continues with lower-priority policies until a matching policy is found.
• If no matching policy is found, no action is taken.

Example: When a policy is found with a first-match rule for upload, the action assigned to that rule will be performed, and upload will not be evaluated any further. Evaluation will continue, however, for other operations (e.g. for email). These will be evaluated by policies placed lower in the list until a first match is found. 

Example: An admin has 3 policies. A user from the Graphics team uploads a file. A policy that does not contain the Graphics team is skipped. Another policy contains the Graphics team, but does not contain Web upload, so it is skipped. The third policy is a general one for the whole company, so it is applied.

This logic is used in all the policy tabs.

Read next:

Data classification in Safetica ONE 11

Policies: How to create them

Auditing policies: what are they

Data policies: how they work