Data Remediation Policy

A Data Remediation policy is a set of policy rules that govern the actions run on the basis of the Data Classification process results.

Each File Access Manager deployment has a data remediation policy that spans all the deployment’s applications.

Each Data Remediation rule consists of:

  • Categories - the data classifications of a file that trigger the specific rule

  • Scope - whether the rule should be triggered by application, by application type, or should not be limited by either [unlimited]

  • Script path - the path to a script to be executed on the files that match the rule's categories.

Note: The script must be written in PowerShell and can accept both the filename and the category as parameters, and return an error message in case it fails.

A Data Remediation script is executed on a file that matches one of the Data Remediation rules. Each rule can run a single script.

The Data Remediation scripts are executed by the installed Application’s Data Classification service. The service periodically queries the database for new scripts that are pending execution, executes them, and writes the execution results to the logs.

You can track the execution of the Data Remediation rules by generating log reports.
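The following remediation script is an added example, not code from the product or its vendor: it quarantines a classified file and reports a failure message as the note above requires. The parameter names `FileName` and `Category`, the quarantine root, the sample categories, and the use of script output plus a non-zero exit code to return the error are all assumptions.

```powershell
# Added example. Parameter names, paths and categories are assumptions; the
# documentation only states that the script receives the file name and the
# category and returns an error message if it fails.
param(
    [Parameter(Mandatory = $true)][string]$FileName,
    [Parameter(Mandatory = $true)][string]$Category
)

$ErrorActionPreference = 'Stop'
$QuarantineRoot  = 'D:\Quarantine'                  # hypothetical, admin-only folder
$CategoryFolders = @{ 'PII' = 'pii'; 'PCI' = 'pci' } # constructed sample categories

try {
    # Act only on known categories; never build a path from the raw category value.
    if (-not $CategoryFolders.ContainsKey($Category)) {
        throw "Unexpected category '$Category'"
    }

    $item = Get-Item -LiteralPath $FileName -Force
    if ($item.PSIsContainer) { throw "'$FileName' is a directory, not a file" }

    # Refuse symlinks and junctions so the service account is not redirected elsewhere.
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        throw "'$FileName' is a reparse point"
    }

    $destDir = Join-Path $QuarantineRoot $CategoryFolders[$Category]
    New-Item -ItemType Directory -Path $destDir -Force | Out-Null

    # Prefix the name with a hash of the original path so that files with the
    # same name from different folders do not collide in quarantine.
    $sha   = [Security.Cryptography.SHA256]::Create()
    $bytes = [Text.Encoding]::UTF8.GetBytes($item.FullName.ToLowerInvariant())
    $tag   = [BitConverter]::ToString($sha.ComputeHash($bytes)).Replace('-', '').Substring(0, 12)
    $dest  = Join-Path $destDir "$tag-$($item.Name)"

    # No -Force: an existing quarantine copy is an error, not something to overwrite.
    Move-Item -LiteralPath $item.FullName -Destination $dest
    Write-Output "Quarantined '$($item.FullName)' to '$dest'"
    exit 0
}
catch {
    # Assumed error channel: message on output plus a non-zero exit code.
    Write-Output "Remediation failed for '$FileName': $($_.Exception.Message)"
    exit 1
}
```

Because the Data Classification service runs the script with its own privileges, keep the script file and the quarantine folder writable only by administrators.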

To set a Data Remediation Policy:

  1. Navigate to Compliance > Data Classification > Data Remediation

  2. Data Remediation has the following options:

    1. Generate Report: Run or schedule a report based on the remediation rules, according to the requested time period.

    2. New Rule: Create a data remediation rule

    3. Each Data Remediation line has the options Edit and Delete.

Note: Data Remediation allows you to run any operation on classified files, including encrypting them.