A policy is a configurable set of rules that defines how sensitive content is detected, monitored, and managed within your organization’s data ecosystem. Policies specify criteria such as:

  • The types of information to detect (e.g., predefined infotypes, custom terms, regular expressions)
  • The scope of data sources
  • Frequency
  • Exclusions

Each policy enables administrators to establish and automate protection measures tailored to organizational needs, ensuring compliance with data protection requirements and reducing the risk of unauthorized data exposure. You can manage policies through the sensitive findings, which provides tools for policy creation, configuration, enforcement, archiving, and real-time monitoring of policy violations.

Policy scope

Your policy’s scope determines what information Glean will review.The scope can be configured using the following criteria:

  • Data sources: Specify whether the policy applies to all data sources in your organization, or only to selected repositories or platforms.
  • Time period: Choose the range of document activity (such as when a document was viewed, created, or modified) that the policy will review.
  • Permissions: Set parameters for which documents are included based on user or group access levels (e.g., documents visible to all users, specific roles, or external collaborators).

Sensitive content

The sensitive content you define determines what types of information Glean’s sensitive insights feature will detect. You can specify sensitive data in multiple ways:

  • Defining specific info types, or by selecting them from a recommended list.
  • Entering custom terms, which Glean will attempt to find matches for.
  • Defining rules using regular expressions to match specific data formats or keywords.

This configurable approach allows you to create policies that accurately identify a broad range of sensitive content, supporting any compliance and organizational needs you may have.

You can also adjust your policy to exclude content that is not sensitive, but may otherwise turn up in your findings. For example, if you set a policy to report email addresses as sensitive, you may wish to exclude a sample user (sample-user@example.com).

Frequency

All policies run on a recurring schedule. You can adjust how often policies run depending on your needs. For the highest priority sensitive content, you will likely want to set a continuous frequency to ensure that any findings are identified and addressed promptly. For lower priority sensitive content, you may wish to run on a weekly basis.

Create a policy

Create a policy to start generating findings.

Prerequisites

  • You must be a super admin or have the sensitive content moderator role enabled to create and view policies.
  1. Navigate to the Glean Admin console > Governance > Sensitive findings page, then select the policies tab.
  2. Select the Create policy button to start creating your policy. You can create a policy either from scratch or from a template.
  3. Once in the policy creation page:
    1. Define your policy’s scope:
      1. Choose a data source or scope your policy to all data sources in Glean
      2. Define a time period your policy will apply to
      3. Select the permissions or the viewership of the documents (ie: anyone in the organization, anyone on the internet, specific teammates. etc.)
    2. Define sensitive content. Choose any combination of info types, specific terms, regular expressions.
    3. Specify any terms to exclude from your policy’s search.
    4. Define the frequency with which your policy will run.
  4. Name and select the Create policy button to save your policy.

Archive a policy

Active policies run on a recurring basis. When you no longer need a policy, you can archive it. Archived policies no longer scan and no longer generate findings. Any content that is hidden will be made available.

To archive a policy:

  1. Navigate to the Glean Admin console > Governance > Sensitive findings page, then select the policies tab.
  2. Select the menu icon on the right side of the policy you wish to archive.
  3. Select the Archive option.

Restore a policy

You can restore an archived policy at any time. Once archived policies are restored, they will begin generating findings in accordance with their frequency.

To restore a policy:

  1. Navigate to the Glean Admin console > Governance > Sensitive findings page, then select the policies tab.
  2. Select the Restore button for the policy you wish to restore.