Dataiku Govern provides a way to require stakeholder sign-off on model versions and on bundles before they are deployed to production on certain infrastructures.
In the standard workflow, Govern model versions and Govern bundles have one sign-off on the Review step.
The following information applies to both deployment of model versions on an API node and deployment of bundles on an Automation node.
Once Dataiku Deployer is linked with your Dataiku Govern instance, you might define a governance policy for each Deployer Infrastructure.
From the infrastructure settings, you can choose between 3 different governance policies that will apply for all deployments made on this infrastructure:
Prevent the deployment of unapproved packages. If the model version or the bundle is approved, its status will be updated and it can be deployed. If the model version or the bundle is abandoned or rejected, the workflow will be locked and deployment will be blocked. You will get an error asking you to complete the approval process before deployment.
Warn and ask for confirmation before deploying unapproved packages. You will receive a warning asking you if you really want to continue the deployment.
Always deploy without checking. You will be able to deploy regardless of the sign-off status. This is the default value.
A Governance status section is visible on the Design node for each model version of saved models in its summary page, letting you know at which stage of the Governance workflow process your model is.
Similarly, in the bundle summary, there is a governance status section:
We will use the word “reviewers” to describe anyone providing a feedback or the final approval.
In the Dataiku Govern process, sign-off is broken down into “Feedback” and “Final Approval”.
Reviewers are defined at the governed project level in Sign-off reviewers and approvers section and will be the same for all model versions and bundles attached to this project.
You can see who is allowed to perform the review (user, group, api key, and role) by clicking next to each feedback and final approval section.
There are multiple answer slots for Feedback, but only one for the Final Approval; the slots can be assigned to either roles or individuals.
Feedback is organized with 3 feedback groups: IT & Operations teams, Risk & Compliance teams and Business teams.
Reviewers give useful feedback to the creator of the model version or the bundle.
Feedback reviews provide the final approver more information to take a decision.
Feedback is optional. It is possible to skip the Feedback section and just have the Final Approver sign off.
Only one final approval can be submitted.
The Final Approval status is checked by Dataiku Deploy and the deployment authorization depends on the Governance policy set up on the infrastructure.
Reviewers can be reused in the same sign-off process: someone could be assigned both “Feedback” and “Final Approver”.
If necessary, each reviewer can delegate their review to another user which is a convenient way to ask someone else to give a review.
The user can choose to send emails to the reviewers notifying them that their review has been requested. Email notifications must be set up prior.
Multiple reviewers submit their feedback within the same feedback group.
Each reviewer can add multiple feedback where they “Approve” or raise “Minor” or “Major” issues about the govern item being reviewed.
Only the final approver has the final call and can “Approve”, “Reject” or “Abandon” it.
If the final approver considers that there are not enough feedback to take a decision, it is possible to Go Back to the Feedback Stage to allow the feedback edition.
In case the sign-off is abandoned, it is possible to:
Cancel the Abandon so it will restore the reviews submitted
or Reset the Sign-off so all the reviews will be cleaned up.
Sign-off and workflow
Possibility to add or remove a sign-off on each workflow step.
Possibility to choose if the sign-off approval is mandatory to continue the workflow process.
Create multiple feedback groups
Assign who can give a review. You can add several roles, Users, Groups and/or Global API Keys.
Setup recurrence to automatically reset an approved sign-off. It can also be scheduled manually on each sign-off.