CERT: Deviation Documented

Severity: error

Policy id: cert_deviation_documented

Tags: coding-standards, auditability, pure_temporal, secure-coding, cert, sei, risk-based, deviations-records, rag-red

Every deviation from a CERT rule records the rationale for the violation and carries an approval.

Formula

G(Deviation → rationale_recorded ∧ deviation_approved)

Why it matters

SEI CERT: a documented deviation records the rule being violated, the rationale for the deviation (for example a false positive or an accepted risk), and the approval that allows the violation to remain in the code. A deviation that is missing either the rationale or the approval is an undocumented violation, which is what this policy flags.
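The formula above is a pure temporal property: G (globally) says that at every step of the trace, if that step is a deviation, then both rationale_recorded and deviation_approved must hold there. The following is an added example, not part of the ponens tool or this gallery, showing how that check is evaluated over a trace. The record layout (keys event, rule, rationale, approved_by) and the sample trace are assumptions constructed for the example, not the ponens trace format.

```python
"""Evaluate G(Deviation -> rationale_recorded AND deviation_approved) over a trace.

Added example, not the ponens tool's own implementation. The record keys
("event", "rule", "rationale", "approved_by") are an assumed layout for
this example only, not the ponens trace format.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

# Constructed sample trace: each record is one step of a review workflow.
# Only "deviation" events are constrained by the policy; the rule ids are
# illustrative CERT C rule names used as sample values.
SAMPLE_TRACE = [
    {"event": "scan", "rule": "EXP34-C"},
    {"event": "deviation", "rule": "EXP34-C",
     "rationale": "false positive: pointer is null-checked by the caller",
     "approved_by": "security-lead"},
    {"event": "deviation", "rule": "INT31-C",
     "rationale": "value range is bounded by the wire protocol",
     "approved_by": ""},                      # rationale present, approval missing
    {"event": "deviation", "rule": "STR31-C",
     "rationale": "",                          # approval present, rationale missing
     "approved_by": "security-lead"},
    {"event": "build", "rule": ""},
]


@dataclass(frozen=True)
class State:
    """The three atomic propositions the formula refers to, at one trace step."""
    deviation: bool
    rationale_recorded: bool
    deviation_approved: bool


def to_state(record: dict) -> State:
    """Map one trace record onto the formula's atomic propositions (assumed layout)."""
    return State(
        deviation=record.get("event") == "deviation",
        rationale_recorded=bool(record.get("rationale", "").strip()),
        deviation_approved=bool(record.get("approved_by", "").strip()),
    )


def deviation_documented(s: State) -> bool:
    """Deviation -> (rationale_recorded AND deviation_approved).

    Material implication: a step that is not a deviation satisfies it vacuously.
    """
    return (not s.deviation) or (s.rationale_recorded and s.deviation_approved)


def globally(trace: Iterable[State], step_ok: Callable[[State], bool]) -> Tuple[bool, List[int]]:
    """G(phi): phi must hold at every step. Return (holds, indices where it fails)."""
    failing = [i for i, s in enumerate(trace) if not step_ok(s)]
    return (not failing, failing)


def check_trace(records: List[dict]) -> Tuple[bool, List[int]]:
    """Evaluate the cert_deviation_documented policy over a list of records."""
    return globally([to_state(r) for r in records], deviation_documented)


def explain(records: List[dict]) -> List[str]:
    """Human-readable reason for each failing step, naming the missing obligation."""
    messages = []
    _, failing = check_trace(records)
    for i in failing:
        s = to_state(records[i])
        missing = []
        if not s.rationale_recorded:
            missing.append("rationale")
        if not s.deviation_approved:
            missing.append("approval")
        messages.append(f"step {i} ({records[i].get('rule', '?')}): missing {' and '.join(missing)}")
    return messages


if __name__ == "__main__":
    holds, failing = check_trace(SAMPLE_TRACE)
    print("policy holds:", holds, "failing steps:", failing)
    for line in explain(SAMPLE_TRACE):
        print(line)
```

Run against the sample trace, the check fails at steps 2 and 3: one deviation has a rationale but no approval, the other an approval but no rationale. Truncating the trace after the first, fully documented deviation makes the property hold, which is the "passes" case described under Examples below.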

Examples

Passes: the risk/remediation step is evidenced.

Fails: the required assessment/remediation is absent.

Use it

ponens policies add cert_deviation_documented --into ./trace.json
ponens trace check ./trace.json