Policy Overview
Policies are the rules that define what content should be blocked, detected, or redacted when users interact with AI platforms. This guide explains how policies work and how to manage them.
What is a Policy?
A policy is a rule that:
- Detects specific patterns in content
- Takes action when patterns are found
- Records the event for audit
Policies run in real-time as users interact with AI platforms, enforcing your organization's data protection requirements.
Policy Components
Each policy consists of:
Detection Rules
What the policy looks for:
- Pattern matching - Regular expressions
- Keyword detection - Specific words/phrases
- Data type recognition - SSN, credit cards, etc.
- AI/ML models - Advanced content classification
Enforcement Action
What happens when detected:
- Block - Prevent the action completely
- Detect - Record the event and create an alert without blocking
- Redact - Automatically mask or remove sensitive content before sending
Scope
Where the policy applies:
- AI Platforms - ChatGPT, Claude, all, or specific
- Users - All users, specific teams, or individuals
- Sites - Can be overridden per site
Pre-Built Policies
Containment.AI includes a library of pre-built policies:
PII Detection
| Policy | Detects | Default Action |
|---|---|---|
| Social Security Numbers | XXX-XX-XXXX pattern | Block |
| Credit Card Numbers | 16-digit card numbers | Block |
| Phone Numbers | Various phone formats | Detect |
| Email Addresses | Email patterns | Detect |
| Physical Addresses | Street addresses | Detect |
Credentials & Secrets
| Policy | Detects | Default Action |
|---|---|---|
| API Keys | Common API key patterns | Block |
| Passwords | Password-like strings | Block |
| Private Keys | PEM, SSH key formats | Block |
| Connection Strings | Database URLs | Block |
Business Data
| Policy | Detects | Default Action |
|---|---|---|
| Financial Data | Revenue, pricing info | Detect |
| Customer Names | Name + context patterns | Detect |
| Project Codenames | Internal project names | Detect |
Compliance
| Policy | Detects | Default Action |
|---|---|---|
| HIPAA/PHI | Medical information | Block |
| GDPR Personal Data | EU PII patterns | Detect |
| PCI Data | Payment card info | Block |
Policy States
Enabled
- Policy is active and enforcing
- Violations generate alerts
- Users see blocks/detections
Disabled
- Policy is not running
- No enforcement occurs
- Existing alerts remain
Draft
- Policy is being edited
- Not yet activated
- Test without enforcement
Policy Hierarchy
Policies can be scoped at multiple levels:
Organization Policies
↓
Team Policies
↓
Site-Specific Overrides
More specific scopes override broader ones.
Plan Availability
| Feature | Free | Professional | Enterprise |
|---|---|---|---|
| Pre-built policies | ✓ (read-only) | ✓ | ✓ |
| Enable/disable | ✓ | ✓ | ✓ |
| Custom policies | ✗ | ✓ | ✓ |
| Policy exceptions | ✗ | ✓ | ✓ |
| Team scoping | ✗ | Basic | Full |
Getting Started
- Review the Policy Categories
- Configure policies for your needs
- Set up exceptions for legitimate use cases
Best Practices
Start Conservative
- Begin with detect mode
- Review alerts before blocking
- Gradually tighten controls
Tune Regularly
- Check for false positives weekly
- Adjust sensitivity as needed
- Add legitimate patterns to allowlists
Document Decisions
- Keep notes on why policies are configured
- Track exceptions and their justifications
- Maintain audit trail of changes
Related Topics
- Policy Categories - Explore available policies
- Configuring Policies - Set up and customize
- Exceptions - Handle edge cases