Skip to content
GOVERN Docs

How to Investigate Findings

When GOVERN flags a violation or unusual pattern, follow this workflow to investigate efficiently and reach a resolution.

Start from the alert

Most investigations begin with an alert notification (email, Slack, or PagerDuty). Each alert links directly to the assessment or set of assessments that triggered it.

Step 1: Understand the violation

Open the assessment detail view. Read the violation description — it explains which policy rule was exceeded and why. Note the severity (critical, high, medium, low) and the enforcement action taken.

Step 2: Review the context

Look at the prompt and response (if stored). Consider: is this a genuine governance concern, a misconfigured policy threshold, or expected behavior from a new use case?

Step 3: Check for patterns

From the assessment detail view, click Related Assessments to see similar violations from the same system. If the pattern is recurring, the issue is likely systematic rather than a one-off.

Step 4: Take action

Based on your investigation:

  • Genuine violation → Open a remediation workflow and assign it to the system owner
  • Misconfigured threshold → Adjust the policy threshold (requires policy admin role)
  • Expected new behavior → Register the behavior as an approved exception with an audit note

All actions are logged in the audit trail.