Governance
Set connector policies, track audit activity, monitor compliance, and measure program maturity with Velnoro's governance tools.
Velnoro's governance tools help you set rules for your citizen development program, track compliance, and measure maturity over time. The Governance page brings together environment health, asset risk, and connector policies in a single view.
Navigate to Governance in the sidebar under the Govern section. At the top, summary cards show your current governance posture at a glance: compliant assets, violations, orphaned assets, stale assets, and active policies.
The page has three tabs:
- Environments - governance metrics grouped by environment, with classification management
- Assets - per-asset governance table with review workflow, risk tiers, bulk actions, and change detection
- Policies - create and manage connector classification rules (Allowed, Restricted, Blocked)
Governance Intelligence requires a Pro Trial or Business subscription. Connector policy management requires Owner or Admin role.
Key Concepts
- Health score: A composite score (0-100) for each asset, calculated from four factors: owner attribution (0-30), freshness (0-30), runtime state (0-20), and AI connector presence (0-20). Higher is healthier.
- Connector policy: A rule that classifies a specific connector as Allowed, Restricted, or Blocked. Blocked connectors generate violations that appear in the Assets tab.
- Risk tier: A governance priority classification (T1 Enterprise/Critical, T2 Departmental, T3 Personal/Team). Auto-calculated from environment, ownership, health, and violation signals. Can be manually overridden.
- Review status: Tracks governance review progress per asset: Unreviewed, In Review, Approved, Rejected, or Needs Work.
- Change detection: SHA-256 hash comparison of asset metadata between scans. Flags previously reviewed assets for re-review when their metadata changes.
- Orphaned asset: An asset with no identified active owner in your organization.
- Stale asset: An asset that hasn't been modified in 90+ days.
- Maker tiers: Three levels for classifying citizen developers: Explorer (learning), Builder (proficient), Champion (expert). Assigned via the People Directory.
Guides
- Environments and Assets - Environment classification, review workflow, risk tiers, bulk actions, and change detection
- Connector Policies - Define governance rules for connectors and manage violations
- AI-Enabled Assets - Identify and track assets using AI connectors
- Calculation Reference - Detailed formulas for health scores, risk tiers, governance coverage, and review cadence metrics
FAQ
Q: How are health scores calculated? From four weighted factors: owner attribution (30%), freshness of last modification (30%), runtime state (20%), and AI connector presence (20%). The formula runs automatically after each scan.
Q: Who can manage policies? Team Owners and Admins. Members (read-only role) can view governance data but cannot create, edit, or delete policies.
Q: Where can I see a history of governance changes? The Audit Log records all policy changes, scan events, and governance actions with timestamps and actor information.