Compliance Policies

Creating and Managing Compliance Policies

Creating a Compliance Policy

Compliance policies are user-defined rule sets that Assets can be tested against. Compliance policies only need to be created once; all applicable Assets will be tested against that policy thereafter.

For example, a policy might assert that “Maintenance Alarm Events must be addressed by a Maintenance Report Event, recorded within 72 hours of the alarm”. This creates a Compliance Policy in the system which any Asset can be tested against as needed.

RKVST allows for several types of Compliance Policies:

  1. COMPLIANCE_SINCE: checks the time elapsed since a specific type of Event has not exceeded set threshold.

For example, “time since last maintenance must be less than 72 hours”.

Add Asset Information
Add Compliance Information
---
steps:
  - step:
      action: COMPLIANCE_POLICIES_CREATE
      description: Create COMPLIANCE_SINCE policy
      print_response: true
    description: Maintenance should be performed every 72h
    display_name: Regular Maintenance
    compliance_type: COMPLIANCE_SINCE
    asset_filter:
      - or: [ "attributes.arc_home_location_identity=locations/<location-id>" ]
    event_display_type: Maintenance Performed
    time_period_seconds: "259200"

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>
{
    "compliance_type": "COMPLIANCE_SINCE",
    "description": "Maintenance should be performed every 72h",
    "display_name": "Regular Maintenance",
    "asset_filter": [
        { "or": ["attributes.arc_home_location_identity=locations/<location-id>"]}
    ],
    "event_display_type": "Maintenance Performed",
    "time_period_seconds": "259200"
}

Use the curl command to run your JSON file! See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/v1/compliance_policies
  1. COMPLIANCE_CURRENT_OUTSTANDING: checks if there is a closing Event addressing an outstanding Event.

To correlate Events, define the attribute arc_correlation_value in the Event Attributes and set it to the same value on each pair of events that are to be associated.

Note: To properly track and assess Events, the arc_correlation_value should be unique to each pair of events.

For example, “a Maintenance Request Event must be addressed by a Maintenance Performed Event”.

Add Asset Information
Add Compliance Information
---
steps:
  - step:
      action: COMPLIANCE_POLICIES_CREATE
      description: Create COMPLIANCE_CURRENT_OUTSTANDING policy
      print_response: true
    description: "There should be no outstanding Maintenance Requests"
    display_name: Outstanding Maintenance Requests
    compliance_type: COMPLIANCE_CURRENT_OUTSTANDING
    asset_filter:
      - or: [ "attributes.arc_home_location_identity=locations/<location-id>" ]
    event_display_type: Maintenance Request
    closing_event_display_type: Maintenance Performed

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>
{
    "compliance_type": "COMPLIANCE_CURRENT_OUTSTANDING",
    "description": "There should be no outstanding Maintenance Requests",
    "display_name": "Outstanding Maintenance Requests",
    "asset_filter": [
        { "or": ["attributes.arc_home_location_identity=locations/<location-id>"]}
    ],
    "event_display_type": "Maintenance Request",
    "closing_event_display_type":  "Maintenance Performed"
}

Use the curl command to run your JSON file! See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/v1/compliance_policies
  1. COMPLIANCE_PERIOD_OUTSTANDING: checks if the time between correlated events does not exceed set threshold.

To correlate Events, define the attribute arc_correlation_value in the Event Attributes and set it to the same value on each pair of events that are to be associated.

Note: To properly track and assess Events, the arc_correlation_value should be unique to each pair of events.

For example, “a Maintenance Request Event must be addressed by a Maintenance Performed Event within 72 hours”.

Add Asset Information
Add Compliance Information
---
steps:
  - step:
      action: COMPLIANCE_POLICIES_CREATE
      description: Create COMPLIANCE_PERIOD_OUTSTANDING policy
      print_response: true
    description: There should not be outstanding Maintenance Requests for longer than 72hr
    display_name: Outstanding Maintenance Requests 72hr
    compliance_type: COMPLIANCE_PERIOD_OUTSTANDING
    asset_filter:
      - or: [ "attributes.arc_home_location_identity=locations/<location-id>" ]
    event_display_type: Maintenance Request
    closing_event_display_type: Maintenance Performed
    time_period_seconds: "259200"

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>
{
    "compliance_type": "COMPLIANCE_PERIOD_OUTSTANDING",
    "description": "There should be no outstanding Maintenance Requests longer than 72hr",
    "display_name": "Outstanding Maintenance Requests 72hr",
    "asset_filter": [
        { "or": ["attributes.arc_home_location_identity=locations/<location-id>"]}
    ],
    "event_display_type": "Maintenance Request",
    "closing_event_display_type":  "Maintenance Performed",
    "time_period_seconds": "259200"
}

Use the curl command to run your JSON file! See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/v1/compliance_policies
  1. COMPLIANCE_DYNAMIC_TOLERANCE: checks that the time between correlated events is not excessively different to the observed average normal duration for similar events.

To correlate Events, define the attribute arc_correlation_value in the Event Attributes and set it to the same value on each pair of events that are to be associated.

Note: To properly track and assess Events, the arc_correlation_value should be unique to each pair of events.

For example, “the time between a Maintenance Request Event and Maintenance Performed Event in the last week does not exceed a variation of 0.5 standard deviations around the mean”.

The dynamic_window is the time period to evaluate on, in this case, one week. The dynamic_variability is the number of standard deviations from the mean allowed, in this case, 0.5.

This type of compliance policy is not yet available for creation via the UI. Check out our YAML or JSON format options!
---
steps:
  - step:
      action: COMPLIANCE_POLICIES_CREATE
      description: Create COMPLIANCE_DYNAMIC_TOLERANCE policy
      print_response: true
    description: Average time between Maintenance Requested/Performed
    display_name: Outlying Maintenance Requests
    compliance_type: COMPLIANCE_DYNAMIC_TOLERANCE
    asset_filter:
      - or: [ "attributes.arc_home_location_identity=locations/<location-id>" ]
    event_display_type: Maintenance Request
    closing_event_display_type: Maintenance Performed
    dynamic_window: "604800"
    dynamic_variability: "0.5"

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>
{
    "compliance_type": "COMPLIANCE_DYNAMIC_TOLERANCE",
    "description": "Average time between Maintenance Requested/Performed",
    "display_name": "Outlying Maintenance Requests",
    "asset_filter": [
        { "or": ["attributes.arc_home_location_identity=locations/<location-id>"]}
    ],
    "event_display_type": "Maintenance Request",
    "closing_event_display_type": "Maintenance Performed",
    "dynamic_window": 604800,
    "dynamic_variability": 0.5
}

Use the curl command to run your JSON file! See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/v1/compliance_policies
  1. COMPLIANCE_RICHNESS: checks whether Attributes are within expected bounds or otherwise meet defined conditions.

This type of policy uses richness_assertions. An assertion is comprised of an attribute name, comparison value, and an operator to compare with.

The operator can be one of six relational operators: equal to (=), not equal to (!=), greater than (>), less than (<), greater than or equal to (>=), less than or equal to (<=).

For example, “radiation level must be less than 7”.

This type of compliance policy is not yet available for creation via the UI. Check out our YAML or JSON format options!
---
steps:
  - step:
      action: COMPLIANCE_POLICIES_CREATE
      description: Create COMPLIANCE_RICHNESS policy
      print_response: true
    description: "Radiation level must be less than 7"
    display_name: Rad Limit
    compliance_type: COMPLIANCE_RICHNESS
    asset_filter:
      - or: [ "attributes.arc_home_location_identity=locations/<location-id>" ]
    richness_assertions: 
      - or: [ "radiation_level<7" ]

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>
{
    "compliance_type": "COMPLIANCE_RICHNESS",
    "description": "Rad level is less than 7",
    "display_name": "Rad Limit",
    "asset_filter": [
        { "or": ["attributes.arc_home_location_identity=locations/<location-id>"]}
    ],
    "richness_assertions": [
        { "or": ["radiation_level<7"]}
    ],
}

Use the curl command to run your JSON file! See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X POST \
    -H "@$BEARER_TOKEN_FILE" \
    -H "Content-type: application/json" \
    -d "@/path/to/jsonfile" \
    https://app.rkvst.io/archivist/v1/compliance_policies

Checking Compliance Status

You may check the compliance status of a specific Asset within your tenancy.

Navigate to Manage Assets, then click the Asset you’d like to check. If your Asset is compliant with the relative policies you have created, there will be an RKVST blue tick with the message No compliance policy failures.

Add Asset Information

Create a yaml file, using the desired Asset ID as your asset_label. Setting report: true will print the compliance information for the Asset when the file is run.

---
steps:
  - step:
      action: COMPLIANCE_COMPLIANT_AT
      description: Check Compliance of desired Asset.
      asset_label: assets/<asset-id>
    report: true

Use the archivist_runner command to run your YAML file!

$ archivist_runner \
      -u https://app.rkvst.io \
      --client-id <your-client-id> \
      --client-secret <your-client-secret> \
      <path-to-yaml-file>

Run the following command using the desired Asset ID to check its compliance status. See instructions for creating your BEARER_TOKEN_FILE here.

curl -v -X GET \
    -H "@$BEARER_TOKEN_FILE" \
    https://app.rkvst.io/archivist/v1/compliance/assets/<asset-id>

You may also determine compliance at a historical date by adding the desired date to the query.

curl -v -X GET \
    -H "@$BEARER_TOKEN_FILE" \
    "https://app.rkvst.io/archivist/v1/compliance/assets/<asset-id>?compliant_at=2019-11-27T14:44:19Z"

Edit this page on GitHub