Govern overview

Governance on IntegraCI is not a separate workflow you run before an audit. It is a property of the work itself: the same actions that ship and secure your software also produce the proof that they were done correctly.

What Govern covers

• Policy as code. Your rules live as versioned, tested code, evaluated at pipeline gates and on platform actions. Every decision is logged and replayable, so you can show not just what was allowed but why.
• Compliance bundles. Ready-made policy bundles map controls to common frameworks such as SOC 2, ISO 27001, PCI-DSS, HIPAA, and GDPR. The bundles help you demonstrate controls; they are not a certification.
• Evidence and reports. Scan results, approvals, and deploy logs are pulled from real platform data and exported as one bundle when a review comes. You stop doing screenshot archaeology.
• The audit trail. Platform actions are written to a tamper-evident, append-only trail you can search and export.

Why this matters

When evidence is a side effect of the platform doing its job, an audit stops being a fire drill. You answer who did what, when, and under which approval, by exporting it rather than reconstructing it. Governance is the through-line of IntegraCI; this is where it surfaces.

Task-level guides for authoring policy and exporting evidence are being expanded. The full set of controls is available in the portal, and the platform overview describes them.