// Governance & Compliance — posture, policy engine, retention/MDM, DPDP consent. const COMPLIANCE = [ { std: "ISO 27001", score: 98, status: "Certified", audit: "Jun 12, 2026" }, { std: "SOC 2 Type II", score: 96, status: "Attested", audit: "May 30, 2026" }, { std: "DPDP (India)", score: 94, status: "Compliant", audit: "Jul 01, 2026" }, { std: "GDPR", score: 92, status: "Compliant", audit: "Apr 18, 2026" }, { std: "HIPAA", score: 90, status: "Compliant", audit: "Mar 22, 2026" }, ]; const POLICIES = [ { name: "PII Dynamic Masking", scope: "gst_no · pan · aadhaar_ref", type: "Masking", enf: "Query-time", status: "Active", hits: "2.4M/day" }, { name: "Data Retention — Audit", scope: "audit_log (WORM)", type: "Retention", enf: "7 years", status: "Active", hits: "—" }, { name: "Row-Level Security", scope: "state analysts → own state", type: "RLS", enf: "Enforced", status: "Active", hits: "18.6K/day" }, { name: "Encryption at Rest", scope: "all PII datasets", type: "Encryption", enf: "AES-256", status: "Active", hits: "—" }, { name: "Right to Erasure", scope: "citizen scheme data", type: "DPDP", enf: "Auto-workflow", status: "Active", hits: "142/mo" }, { name: "Access Recertification", scope: "all privileged roles", type: "Review", enf: "Quarterly", status: "Due · 8d", hits: "—" }, ]; const FINDINGS = [ { sev: "medium", t: "12 stale service accounts not rotated in 90d", owner: "Platform Sec", age: "4d" }, { sev: "medium", t: "tender_bids_raw missing PII classification tag", owner: "Data Gov.", age: "1d" }, { sev: "low", t: "3 dashboards shared with expired external links", owner: "Workspace", age: "6d" }, { sev: "low", t: "Legacy Oracle uses TLS 1.1 — upgrade pending", owner: "Platform", age: "9d" }, ]; function Ring({ value, size = 58, color }) { const r = size / 2 - 5, c = 2 * Math.PI * r; const col = color || (value >= 95 ? "var(--ok)" : value >= 90 ? "var(--primary)" : "var(--accent-2)"); return ( {value} ); } function GovernanceScreen() { return (
Governance & Compliance
Data lineage, policy engine, master data & regulatory posture · 5 standards attested · 0 critical findings
{/* Compliance posture */}
{COMPLIANCE.map((c, i) => (
{c.std}
{c.status}
{c.audit}
))}
{/* Policy engine */}

Policy Engine

ABAC · enforced at query-time across all sources
Enforcing
{POLICIES.map((p, i) => ( ))}
PolicyScopeTypeEnforcementStatus
{p.name}
{p.hits !== '—' ? p.hits : ''}
{p.scope} {p.type} {p.enf} {p.status}

Data Classification

Open Findings

4 open · 0 critical
{FINDINGS.map((f, i) => (
{f.sev}
{f.t}
{f.owner} · {f.age}
))}
{/* Lineage + MDM/retention/consent */}

End-to-End Data Lineage

Column-level · impact analysis · source → report
Auto
{[[92, 40, 150, 75], [92, 110, 150, 75], [212, 75, 270, 75], [332, 75, 390, 45], [332, 75, 390, 105]].map((e, i) => ( ))} {[ { x: 20, y: 28, l: "GeM API", c: "var(--panel-2)", t: "var(--ink)" }, { x: 20, y: 98, l: "Postgres", c: "var(--panel-2)", t: "var(--ink)" }, { x: 152, y: 62, l: "etl.ingest", c: "var(--primary-tint)", t: "var(--primary)" }, { x: 272, y: 62, l: "gem_txns", c: "var(--accent-tint)", t: "var(--accent-2)" }, { x: 392, y: 30, l: "exec_dash", c: "var(--panel-2)", t: "var(--ink)" }, { x: 392, y: 92, l: "ai_copilot", c: "var(--panel-2)", t: "var(--ink)" }, ].map((n, i) => ( {n.l} ))}
Changing gem_txns.order_value impacts 2 reports · 1 model

Master Data & Retention

Golden records · DPDP retention schedule
{[ { icon: "users", t: "Vendor golden records", v: "2.38 M", s: "match rate 99.2% · 4.2K merges/mo" }, { icon: "database", t: "Duplicate suspects", v: "412", s: "AI-flagged · pending steward review" }, { icon: "clock", t: "PII retention", v: "auto", s: "erase 30d post-purpose · DPDP §8" }, { icon: "shield", t: "Consent artefacts", v: "1.2 M", s: "captured · withdrawable · audited" }, ].map((r, i) => (
{r.t}
{r.s}
{r.v}
))}
Governance copilot Posture: Strong
All 5 frameworks are green. The only time-bound item is quarterly access recertification (due in 8 days) covering 133 privileged users. Auto-generate the review pack and route to managers?
); } window.GovernanceScreen = GovernanceScreen;