مراقبة الامتثال وإنفاذ السياسات
يراقب المعاملات أو الاتصالات أو سير العمل مقابل السياسات الداخلية والمتطلبات التنظيمية، ويعلّم الانحرافات قبل ما تصير مشاكل. يخرّج تنبيهات مرتّبة بالمخاطر مع الدليل، عشان فريق الامتثال يتدخّل مبكّراً. يشيل حمل المراجعة اليدوية العشوائية ويخلّيها مبنية على إشارات فعلية.
المتطلبات تصف قدرات يحتاجها النمط في بيئتك، مو الموردين اللي لازم تشتريهم. أي نظام يملأ متطلباً يحقّقه — وهذا اللي يخلّي الكتالوج قابلاً للنقل عبر الذيل الطويل من أدوات الشركات الصغيرة والمتوسطة.
monitored_activity_streamsThe streams of activity the pattern watches. Multiple sources, one pattern.
- expense system event stream
- access management logs
- communications archives
- purchase requisition events
- code repository commits and pull requests for change-control
policy_rule_libraryThe firm's policies expressed as testable rules. Critical that this is explicit and maintained: the pattern is only as good as the rules it checks against.
- structured policy library maintained by compliance and legal
- rules engine the pattern reads from
- small admin UI for policy authoring
actor_context_lookupWho the actor is: their role, their authority limits, their reporting line. Many policies depend on who's doing what.
- HR directory with role and reporting structure
- identity management system with permission grants
- RACI matrix maintained by operations
violation_review_queueWhere flagged violations go for human review. Most violations are not clear-cut and need someone to decide.
- compliance review queue in the GRC tool
- ticket queue for compliance officers
- dashboard with prioritized cases
escalation_routeWhere high-severity violations route directly without waiting for queue processing.
- direct chat alert to the compliance officer or general counsel
- phone call escalation for severe cases
- automated email to the CEO or designated executive
audit_evidence_archiveLong-term retention of all flags, reviews, and resolutions. Critical for the audit story this pattern is supposed to support.
- compliance archive in the GRC system
- structured audit log with retention policies
- evidence store accessible to external auditors
false_positive_feedbackHow reviewers flag that something was incorrectly identified as a violation. Critical for tuning: false positives erode trust faster than missed violations.
- dismissal reason capture in the review queue
- false-positive tag reviewers can apply
- weekly retrospective with the compliance team
- 01Continuously ingest events from monitored activity streams
monitored_activity_streams - 02For each event, determine which policies apply based on actor, target, and action type
policy_rule_libraryactor_context_lookup - 03Run applicable policy checks against the event, scoring severity if violated
policy_rule_library - 04If no violation: log as audited-clean, archive evidence, continue
audit_evidence_archive - 05If violation flagged: classify by severityقرار Low-medium → review queue; high → immediate escalation.
- 06Route to review queue or escalation route as appropriate
violation_review_queueescalation_route - 07Capture reviewer verdict and resolution; archive evidence
audit_evidence_archive - 08Capture false-positive feedback for rule tuning
false_positive_feedback
مخرجات منظّمة ينتجها هذا النمط. أنماط ثانية وأنظمة العملاء تقدر تشترك فيها، وهكذا يتركّب الكتالوج مع الوقت.
compliance_health_signalPer-policy violation rates over time, the compliance dashboard's main view.
- compliance leadership
- board reporting
- audit preparation
policy_quality_signalPer-rule false-positive rate, surfaced for rule refinement.
- policy rule library maintenance
- compliance team workflows
actor_pattern_signalPatterns where specific actors or teams trigger frequent flags, useful for targeted training or process review.
- compliance management
- manager coaching workflows
- training program design