Compliance¶
IMPACT 365 helps keep workspaces and repositories aligned with your governance policy by running workspace compliance and repository compliance operations. These apply or validate retention labels, sensitivity labels, and business authority settings.
Workspace compliance¶
What it does¶
- Scope — Targets provisioned workspaces (SharePoint sites) that are due for a run (e.g. not run recently, or marked for a forced run).
- Business authority — Ensures site-level property bags and the Business Authority column default on IMPACT-managed lists match the values stored for that workspace (e.g. after a re-org or ownership change).
- Labels — For each IMPACT-managed list/library, ensures retention and (where applicable) sensitivity labels match the list template. If the template defines default labels and the list/library is missing them, the run applies them.
- Status — Each workspace is updated with the last compliance run date and status (Compliant or Failed).
Workspaces that are not Active (e.g. Archived, Deleted) are skipped. The operation does not delete or archive sites; it only validates and corrects settings.
When it runs¶
Workspace compliance is typically run on a schedule (e.g. weekly). It can also be triggered on demand or when a workspace is marked for a forced run. The workflow engine processes one compliance job per run; the job itself may process many workspaces in one execution.
Repository compliance¶
What it does¶
- Scope — Targets provisioned repositories (lists/libraries) that are marked Non-compliant.
- Labels — Applies default retention and sensitivity (for libraries) from the list template when the list/library has none. If the template does not define a label, that check is not required.
- Business authority — Ensures the Business Authority column default is set when that column exists (optionally from the site property bag when configured).
- Status — When all applicable checks pass, the provisioned-repository record is updated to Compliant. If the list/library no longer exists on the site, the record can be removed from the queue so it is not retried indefinitely.
Newly provisioned repositories start as Non-compliant; the first compliance run (or a later one) applies labels and defaults and marks them Compliant when done.
When it runs¶
Repository compliance is typically run on a schedule (e.g. weekly), often on a different day from workspace compliance to spread load. It is triggered via the workflow engine with no payload required.
What “compliant” means¶
| Area | Workspace compliance | Repository compliance |
|---|---|---|
| Business authority | Site property bags and list default match the provisioned workspace. | Business Authority column default set when column exists. |
| Retention label | Each IMPACT-managed list/library has retention per template (if template defines it). | List/library has retention per template (if template defines it). |
| Sensitivity label | Each IMPACT-managed library has sensitivity per template (if template defines it). | Library has sensitivity per template (if template defines it); lists do not support default sensitivity. |
If a template does not define a label, that requirement is not enforced. Existing values (even if different from template) are generally accepted so that manual overrides are not overwritten.
What you can trigger via the workflow¶
- Workspace compliance run — Resource/Operation for workspace compliance; no payload required.
- Repository compliance run — Resource/Operation for repository compliance; no payload required.
See Adapter Registry for exact Resource and Operation values.
Next: Workflow Engine — How jobs are queued and processed, and how to add your own workflow entries.