How to Respond to Alerts
GOVERN generates alerts when assessments produce violations above a configurable severity threshold. Alerts are designed to surface only what requires human attention.
Alert types
| Type | Trigger | Default severity |
|---|---|---|
| Policy violation | Assessment score below threshold | Matches violation severity |
| Drift detected | Model behavior deviation exceeds limit | High |
| Shadow AI discovered | Unapproved system found by monitoring agent | Critical |
| Energy drop | Org energy score falls more than 10 points | Medium |
| System offline | Registered system stops reporting | High |
Responding to an alert
- Open the alert from your notification channel or from Alerts in the dashboard
- Review the linked assessment or system record
- Choose a response: Acknowledge, Escalate, Resolve, or Suppress
- Add a note explaining your decision — this becomes part of the audit record
Alert suppression
If an alert type is generating noise (e.g., a known acceptable use pattern flagging a threshold), you can suppress it for a defined window. Suppressions require a reason and are visible in the audit trail. They automatically expire.
Routing alerts
Configure alert routing in Settings → Notifications. You can route by severity, system, or policy to different channels (email, Slack webhook, PagerDuty integration key).