Governance and policy
Governance and policy
Section titled “Governance and policy”This page shows you how to set the guardrails, consent defaults, and oversight controls that keep SUPERWISE Chat safe and compliant for everyone in your workspace. By the end you’ll know what you can tune as an administrator, what’s fixed by your plan, and how to confirm that your safety controls are doing their job.
Who this is for: workspace administrators (and the IT or compliance owners who support them). You’ll need an admin role to change these settings — if Settings → Governance isn’t visible to you, ask your tenant administrator to grant access.
Before you start
Section titled “Before you start”- You have an administrator role (a tenant administrator, project administrator, or higher). Governance settings live under Settings → Governance.
- You know who in your organization should have oversight access — the people who need to review what happened without being able to change settings. They get the Governance Manager role (see Users and roles).
- If you’re applying organization-wide rules, decide your defaults first, then let teams adjust within them. Defaults you set apply to new conversations and new projects going forward.
How safety review works
Section titled “How safety review works”Every message in Chat passes through a series of automatic safety checks before and after the AI responds. You don’t have to wire these up — they run on every conversation. As an administrator, you decide which safety profile applies and who can review the results.
There are four review points, framed for what they protect:
| Review point | When it runs | What it protects |
|---|---|---|
| Incoming message | As a message arrives | Screens for prompt manipulation and clearly unsafe input before any work begins. |
| Retrieved evidence | While gathering supporting material | Filters sensitive or confidential content (including personal data) out of the material used to answer. |
| Assembled request | Just before the AI is asked to respond | Confirms the full request is within policy before the model sees it. |
| Final answer | Before the reply is shown | Reviews the response for safety before it reaches the user. |
When content is held, the user sees a plain notice that their message was reviewed for safety — never a raw error. You don’t need to configure that message.
What you can configure vs. what’s fixed by your plan
Section titled “What you can configure vs. what’s fixed by your plan”Use this table to set expectations before you open Settings. “Tunable” means you can change it; “Fixed” means it’s set by your subscription plan or built into the product for everyone’s protection.
| Control | Tunable by admins? | Notes |
|---|---|---|
| Which safety profile applies to an assistant | Tunable | Choose the safety profile that matches your industry or risk posture. |
| Consent defaults for your organization | Tunable | Set what optional features (like memory and document indexing) are on by default. |
| Who has oversight access (Governance Manager) | Tunable | Assign read-only review access to compliance and security staff. |
| Whether external web search is allowed | Tunable | Web search is governed by policy: you decide where it’s permitted, and higher-risk uses can be set to require approval before they run. |
| Whether essential safety review can be turned off | Fixed (cannot be disabled) | Safety review is an essential activity and runs for everyone. |
| The four review points and their cautious/available balance | Fixed | Built in; identical across workspaces. |
| Plan limits (agents, monthly usage, datasets) | Fixed by plan | Raise these by upgrading your plan — see Model access and tiers. |
Set up governance for your workspace
Section titled “Set up governance for your workspace”Follow these steps once, then revisit them when your policies change.
- Open Settings → Governance. If you don’t see it, you don’t have an admin role yet — ask your tenant administrator.
- Choose the safety profile for your assistants. For each published assistant, attach the safety profile that matches your needs (for example, a stricter profile for an assistant that handles customer data). An assistant with no profile attached is flagged as a coverage gap so you can find and fix it.
- Set your consent defaults. Decide which optional processing is on by default for your organization — for example, conversation memory and document indexing. Individual users can still opt out of optional activities; essential activities (answering questions and safety review) stay on for everyone.
- Assign oversight access. Give your compliance or security reviewers the Governance Manager role. They can review what happened and export records, but cannot change settings or moderate conversations — the right separation of duties for an auditor. See Users and roles.
- Confirm coverage. Open the governance overview and check that your published assistants show as protected rather than gap or unknown. Resolve any gaps by attaching a safety profile.
Worked example: a stricter profile for a customer-data assistant
Section titled “Worked example: a stricter profile for a customer-data assistant”Suppose your support team runs an assistant that can touch customer records, and your compliance team needs to review everything it does.
- In Settings → Governance, attach your strictest safety profile to that assistant so its incoming messages, evidence, and answers are all reviewed under the tighter rules.
- Leave conversation memory and document indexing at your organization’s default — or turn them off for this team if you don’t want customer details retained.
- Assign your two compliance reviewers the Governance Manager role so they can review the oversight record and export it for audits, without being able to edit the assistant or its settings.
- Confirm the assistant shows as protected in the governance overview.
- Point reviewers to Audit and usage, where they can review the safety and access record over time.
The result: a tighter safety posture on the one assistant that needs it, the right people watching it, and a clean separation between who operates and who oversees.
What gets recorded
Section titled “What gets recorded”You don’t have to set up logging — oversight records are kept automatically and are tamper-resistant by design:
- Safety reviews are recorded for every message, so reviewers can see what was checked and what was held.
- Role and access changes are recorded and can’t be edited or deleted from within the product.
- Settings changes are kept as an append-only history — they can be added to, but never altered or removed.
- Consent changes are kept as a per-user history.
Governance Managers and administrators can review and export these records. For the day-to-day review workflow, see Audit and usage. For how your organization’s data is kept separate from every other organization’s, see Tenant isolation.
Troubleshooting
Section titled “Troubleshooting”A user says their message was “reviewed for safety” and held. That’s the safety review working as intended — usually a cautious hold rather than a hard block. If it happens repeatedly for legitimate content, check that the assistant has the right safety profile attached (an overly strict profile may be the cause) and review the recorded safety decisions in Audit and usage.
An assistant shows as a “gap” in the governance overview. The assistant is published but has no working safety profile attached (or its profile is missing or suspended). Attach a valid safety profile to move it back to protected.
A user can’t turn off memory or document indexing. Those are optional and should be toggleable per user. If they can’t, your organization’s defaults may require them, or the user may not have permission to change their own settings — check your consent defaults in Settings → Governance.
A user wants to turn off safety review. That isn’t possible. AI safety review is an essential activity that runs for every workspace and every user — it can’t be disabled.
I don’t see Settings → Governance at all. You don’t have an administrator role. Ask your tenant administrator to assign one (see Users and roles).
Related pages
Section titled “Related pages”- Users and roles — assign the Governance Manager (oversight) and administrator roles.
- Audit and usage — review the safety, access, and usage record and export it for compliance.
- Model access and tiers — what your plan includes and how to raise limits.
- Tenant isolation — how your data is kept separate from other organizations’.