⚖️ Governance Enforcement

The Challenge: Incomplete Integrations Going Live

Before Custom Metadata:

• Integration built without documented owner
• Service deployed to production without approval
• Resource marked as critical but no emergency runbook
• 60% of integrations lack basic governance metadata

Result: Architectural debt accumulates. Support chaos. Knowledge loss. Compliance violations.

The Solution: Mandatory Metadata Fields

Custom Metadata enables governance enforcement at creation time—integrations cannot go live without mandatory fields:

Mandatory Field Rules:

• Integration cannot publish without: Owner, SLA Level, Approval Status
• Service cannot deploy to Production without: Owner, Change Window, Runbook
• Resource cannot mark as Critical without: Emergency Contact, Escalation Procedure
• Message Type cannot activate without: Business Ownership, Data Classification

Result: 100% compliance. Every integration documented before it causes problems.

---

Real-World Impact

Metric	Before	After	Value
Integration Completion	60% with documented owner	100% (mandatory field)	Zero ownership gaps
Deployment Delays	None (skip review, go live broken)	5 min (fill mandatory fields)	Minimal friction, maximum governance
Audit Findings	"30% undocumented integrations"	"100% governance compliance"	Zero regulatory findings
Support Knowledge	Scattered, incomplete	Centralized, mandatory	Onboarding time cut 50%
Incident Time-to-Resolve	Hours (hunting for context)	Minutes (metadata in alert)	SLAs protected

---

Implementation Workflow

Before Governance Enforcement

1. Developer creates Integration "New-Payment-Processor"
2. Deploys to Production (no documentation required)
3. Integration fails at 2 AM on Sunday
4. Support tries to call owner: "Who owns this?"
5. Nobody knows
6. Escalates to Manager: Out of office
7. Escalates to Architect: Away on vacation
8. 4 hours of chaos

After Governance Enforcement

1. Developer creates Integration "New-Payment-Processor"
2. System requires mandatory fields before publish:
   • Owner: (required—must select from list)
   • SLA Level: (required—select Gold/Silver/Bronze)
   • Approval Status: (required—must be "Approved")
   • Change Window: (required—fill in approved deployment windows)
3. Developer fills in metadata
4. Integration publishes with complete governance
5. Integration fails at 2 AM on Sunday
6. Support reads alert: "Owner: Sarah (555-0123), SLA: Gold, Approved by: VP Operations"
7. Calls Sarah immediately
8. Issue resolved in 15 minutes

Difference: 4 hours of chaos vs 15 minutes of resolution. All because metadata was mandatory.

---

Common Mandatory Field Configurations

For Integrations (Production):

• Owner (required) - Who is responsible
• SLA Level (required) - Gold/Silver/Bronze
• Approval Status (required) - Approved/Pending/Rejected
• Emergency Contact (required if SLA=Gold) - Escalation point
• Business Process (required if Finance) - What business purpose
• Compliance Tags (required if handling data) - GDPR/HIPAA/PCI

For Services (Production):

• Owner (required) - Service owner
• Change Window (required) - When can restart
• Runbook (required if Gold SLA) - Emergency procedures
• Dependencies (required) - What systems depend on this

For Resources (Monitoring):

• Owner (required) - Responsible person
• SLA Target (required) - Uptime percentage
• Emergency Contact (required if Critical) - Escalation point
• Alerting Rules (required if Critical) - Who gets notified

Result: Consistent governance across artifact types.

---

Multi-Level Conditional Mandatory Fields

Advanced: Make fields mandatory based on other metadata values.

Example - Conditional Mandatory Fields:

IF SLA = Gold
THEN Emergency Contact IS REQUIRED
THEN Runbook IS REQUIRED
THEN On-Call Schedule IS REQUIRED

IF Environment = Production
THEN Approval Status IS REQUIRED
THEN Approver IS REQUIRED
THEN Approval Date IS REQUIRED

IF Compliance Tags = GDPR
THEN Data Classification IS REQUIRED
THEN Data Retention Policy IS REQUIRED
THEN Privacy Team Contact IS REQUIRED

Result: Governance rules adapt to risk level. Gold SLA integrations = stricter requirements.

---

Business Impact: Quality Scores

Use mandatory fields to calculate Quality Score for each integration:

Integration: Order-to-Cash

Governance Completeness:
✅ Owner: Henrik (required, filled)
✅ SLA Level: Gold (required, filled)
✅ Approval Status: Approved (required, filled)
✅ Emergency Contact: Michael (required if Gold, filled)
✅ Runbook: [attached] (required if Gold, filled)
✅ Change Window: Tue/Thu 2-4AM (required if Prod, filled)
✅ Compliance Tags: GDPR, PCI (required if data, filled)

Quality Score: 100% (7/7 mandatory fields complete)
Status: PRODUCTION READY

---

Integration: Budget-Reporting

Governance Completeness:
✅ Owner: [empty] (required, MISSING)
✅ SLA Level: [empty] (required, MISSING)
✅ Approval Status: Pending (required, filled)
❌ Emergency Contact: [empty] (required if SLA=Gold, N/A)
❌ Runbook: [empty] (required if Gold SLA, N/A)
✅ Change Window: [empty] (required if Prod, filled)
✅ Compliance Tags: [empty] (optional)

Quality Score: 33% (2/6 mandatory fields complete)
Status: CANNOT DEPLOY (missing Owner, SLA)

Result: Visual governance dashboard. Integrations can't deploy until quality score > 90%.

---

Next Step

Ready to enforce governance from day 1?

Add or manage Custom Metadata – Define mandatory fields for your organization

Ownership Clarity scenario – See how ownership enforcement works in practice

Related Topics

• Custom Metadata Overview - Return to hub
• Integrations - Define business integrations
• Message Types - Define transaction types with metadata