Mandatory Metadata Fields

Stop Problems at the Source

The Problem: 60% of integrations have no documented owner → Support chaos at 3 AM when systems fail.

The Solution: Mandatory fields that prevent integrations from going live without critical context.

The Result: 100% compliance → Instant escalation, predictable incident response, zero governance gaps.

Enforcement Flow

Diagram: Mandatory field enforcement prevents integrations from deploying to Production without complete governance context. Red = blocked, green = approved, purple = validation checks.

How Mandatory Fields Work

Define Required Fields Per Entity Type

Configure which Custom Metadata fields are mandatory for each artifact:

• Integrations: Owner, SLA Level, Approval Status
• Services: Technical Owner, Technology Stack, Change Window
• Resources: Responsible Team, Emergency Contact, Runbook URL
• Message Types: Compliance Tags, Retention Policy, Encryption Required

System enforcement: Users cannot publish or deploy artifacts without filling mandatory fields.

Common Mandatory Field Configurations

For Integrations

Always mandatory:

• Owner - Who is responsible for this integration (Henrik, Sarah, Ahmed)
• SLA Level - Gold, Silver, Bronze (determines response time)
• Department - Finance, HR, Operations, IT (for alert routing)

Conditional mandatory (Production only):

• Approval Status - Approved, Pending, Rejected (cannot deploy unapproved integrations to Production)
• Business Process Link - URL to business documentation (required for Production integrations)
• Emergency Contact - Phone number for 24/7 escalation (required for Production)

Conditional mandatory (Gold SLA only):

• Runbook URL - Link to emergency recovery procedure (required for Gold SLA integrations)
• Architecture Diagram - Link to system architecture (required for Gold SLA)
• Escalation Chain - Primary → Secondary → Manager (required for Gold SLA)

For Services

Always mandatory:

• Technical Owner - Developer or DevOps contact
• Technology Stack - .NET, Java, Python, BizTalk, MuleSoft, etc.

Conditional mandatory (Production only):

• Deployment Date - When service was deployed to Production
• Change Window - When changes are allowed (e.g., "Saturday 2-6 AM EST")
• Last Security Review - Date of last security audit

For Resources (Monitored Components)

Always mandatory:

• Responsible Team - Platform Team, Database Team, DevOps

Conditional mandatory (Critical resources only):

• Emergency Contact - On-call engineer phone number
• Runbook URL - Emergency procedure document
• SLA Target - 99.9% uptime, 99.5% uptime, etc.

For Message Types

Conditional mandatory (GDPR/HIPAA/PCI compliance):

• Compliance Tags - GDPR, HIPAA, PCI DSS, SOX
• Data Classification - Public, Internal, Confidential, Restricted
• Retention Policy - 7 years (financial), 90 days (diagnostic), etc.
• Encryption Required - Yes/No
• PII Data - Contains personally identifiable information

Conditional Mandatory Rules

By Environment

IF Environment = "Production"
THEN
  Owner IS REQUIRED
  Approval Status IS REQUIRED
  Emergency Contact IS REQUIRED
  Runbook URL IS REQUIRED
END IF

IF Environment = "Development" OR "Test"
THEN
  Owner IS OPTIONAL
  Approval Status IS NOT REQUIRED
END IF

By SLA Level

IF SLA Level = "Gold"
THEN
  Emergency Contact IS REQUIRED
  Runbook URL IS REQUIRED
  Escalation Chain IS REQUIRED
  24/7 Support IS REQUIRED
END IF

IF SLA Level = "Silver"
THEN
  Emergency Contact IS REQUIRED
  Runbook URL IS OPTIONAL
END IF

IF SLA Level = "Bronze"
THEN
  All fields OPTIONAL
END IF

By Compliance Requirements

IF Compliance Tags CONTAINS "GDPR"
THEN
  Data Classification IS REQUIRED
  Retention Policy IS REQUIRED
  PII Data Flag IS REQUIRED
  Legal Contact IS REQUIRED
END IF

IF Compliance Tags CONTAINS "HIPAA"
THEN
  PHI Data Flag IS REQUIRED (Protected Health Information)
  BAA Document IS REQUIRED (Business Associate Agreement)
  Encryption Required IS REQUIRED
END IF

IF Compliance Tags CONTAINS "PCI DSS"
THEN
  Cardholder Data Flag IS REQUIRED
  PCI Audit Date IS REQUIRED
  Encryption Required IS REQUIRED
END IF

Enforcement Scenarios

Scenario 1: Deploy Integration to Production Without Owner

User action:

1. Navigate to Repository → Integrations
2. Create new Integration "Customer-Onboarding"
3. Set Environment = "Production"
4. Leave Owner field blank
5. Click Save

System response:

❌ Cannot save Integration

Missing mandatory fields for Production environment:
- Owner (required)
- Approval Status (required)
- Emergency Contact (required)

Please fill all required fields before saving.

Result: Integration cannot be published without governance context.

Scenario 2: Promote Service to Gold SLA Without Runbook

User action:

1. Navigate to Repository → Services
2. Edit Service "Payment-API"
3. Change SLA Level from "Silver" to "Gold"
4. Runbook URL field is empty
5. Click Save

System response:

❌ Cannot save Service

Gold SLA requires additional mandatory fields:
- Runbook URL (emergency recovery procedure)
- Architecture Diagram (system architecture documentation)
- Escalation Chain (primary → secondary → manager)

Gold SLA integrations require complete operational documentation.

Result: Cannot elevate SLA without complete operational readiness.

Scenario 3: Mark Resource as Critical Without Emergency Contact

User action:

1. Navigate to Administration → Monitor Management → Resources
2. Edit Resource "Payment Gateway Database"
3. Set Criticality = "Critical"
4. Leave Emergency Contact field blank
5. Click Save

System response:

❌ Cannot save Resource

Critical resources require:
- Emergency Contact (24/7 on-call phone number)
- Runbook URL (emergency procedure)
- SLA Target (uptime requirement)

Critical resources must have complete incident response documentation.

Result: Cannot mark resource as critical without incident response plan.

Governance Audit: Find Non-Compliant Artifacts

Run Compliance Report

Filter integrations missing mandatory fields:

Integration Governance Audit Report

Environment: Production
Artifacts: 247 integrations

❌ Missing Owner: 12 integrations (5%)
❌ Missing Approval Status: 8 integrations (3%)
❌ Missing Emergency Contact: 5 integrations (2%)
✅ Fully Compliant: 222 integrations (90%)

Action Required:
1. Review 12 integrations without Owner
2. Obtain approval for 8 pending integrations
3. Add emergency contacts for 5 integrations

Export to Excel and assign to teams for remediation.

Grandfather Existing Integrations

When adding new mandatory fields:

• New field becomes mandatory for future integrations
• Existing integrations are grandfathered (not immediately blocked)
• Run governance audit to identify gaps
• Remediation campaign to bring legacy integrations into compliance

Example:

New Mandatory Field: "Runbook URL"
Applies to: All Gold SLA integrations

Report:
- 45 Gold SLA integrations exist
- 38 have Runbook URL (84% compliant)
- 7 missing Runbook URL (16% non-compliant)

Action:
1. Email 7 integration owners: "Add Runbook URL by end of month"
2. After 30 days, enforce mandatory field for all Gold SLA integrations
3. Non-compliant integrations marked as "Non-Compliant" in UI

Benefits of Mandatory Fields

Prevents Architectural Debt

Before mandatory fields:

• 60% of integrations have no owner
• 40% have no documented SLA
• 75% have no emergency contact
• Result: Support chaos, finger-pointing, blame culture

After mandatory fields:

• 100% of Production integrations have Owner, SLA, Emergency Contact
• 100% of Gold SLA integrations have Runbook, Architecture, Escalation Chain
• Result: Predictable incident response, professional operations

Enforces Governance at Deployment Time

Cannot promote to Production without:

• Approval from management
• Documented owner and escalation
• Runbook and architecture diagrams
• SLA and business impact assessment

Result: No more "shadow IT" deployments. Every Production integration has complete governance context.

Compliance Automation

GDPR breach investigation:

• Filter integrations: "Show all GDPR integrations"
• Result: Instant list of affected systems
• Notify legal team in 30 seconds (vs 2-day meeting to identify systems)

SOX audit:

• Filter integrations: "Show all financial integrations without Approval Status"
• Result: Compliance gap report
• Remediate before auditor arrives

Configuration Guide

Step 1: Define Custom Metadata Fields

Navigate to Administration → Repository → Add or manage Custom Metadata

Create fields:

• Owner (Select)
• SLA Level (Select: Gold, Silver, Bronze)
• Approval Status (Select: Approved, Pending, Rejected)
• Emergency Contact (Text)
• Runbook URL (Link)

Step 2: Mark Fields as Mandatory

For each field:

1. Edit Custom Metadata definition
2. Check "Mandatory" checkbox
3. Select entity types: Integrations, Services, Resources, etc.
4. Configure conditional rules:
   • "Mandatory only for Production environment"
   • "Mandatory only for Gold SLA"
   • "Mandatory if Compliance Tags contain GDPR"
5. Save

Step 3: Test Enforcement

Create test integration:

1. Navigate to Repository → Add or manage Integration
2. Leave Owner field blank
3. Click Save
4. Verify error message: "Owner is required"
5. Fill Owner field → Save succeeds

Step 4: Run Governance Audit

Identify non-compliant artifacts:

1. Navigate to Repository → Integrations
2. Filter: "Show integrations with missing mandatory fields"
3. Export to Excel
4. Assign remediation tasks to integration owners
5. Track compliance over time

Next Step

Add or manage Custom Metadata – Create mandatory fields

Add or manage Integration – Enforce governance at deployment

Governance Enforcement Scenario – See real-world 100% compliance impact

Related Topics

Foundation:

• Custom Metadata Overview - Hub page for all Custom Metadata features
• Entity Coverage - Where Custom Metadata applies

Use Cases:

• Governance Enforcement Scenario - Real-world 100% compliance results
• Compliance Automation Scenario - GDPR/HIPAA/PCI compliance automation
• Ownership Clarity Scenario - Know who owns what at 3 AM

Related Features:

• Alert Enrichment - Mandatory fields appear in alerts automatically
• Rich Data Types - Select, Multi-Select, Links for mandatory fields
• Portfolio Filtering - Query integrations by mandatory field values