Interpreting Policy Violation Trends

The Policy Violation Trends feature has been superseded by Success Metrics, and was removed from IQ Server in version 1.40.

At the top of the Results area, the View menu contains a Calculate Trends command. Calculate Trends opens a Policy Violation Trends dialog displaying the policy violation trends that match your current filter.

The purpose of Policy Violation Trends is to provide a quick, twelve-week look at how risk is entering your applications, and how you are handling that risk. The information is divided into four categories, with each category displaying metrics over a twelve-week period.

So how do we interpret the example above?

A policy violation is Pending when it has been discovered, but not yet fixed or waived. Reducing the number of pending violations is a critical task. Weekly deltas above the x-axis indicate that more violations were discovered than fixed; green bars below the x-axis indicate that more violations were fixed than discovered.

A policy violation is Waived when a particular component, either in the scope of this application or all applications for the organization, is waived from this particular policy.

A policy violation is Fixed when it no longer exists in any stage. When determining the fixed state of a component, any filtered stages are not considered. That is, if you exclude a stage where a violation has occurred, the count for fixed may increase even though the violation is still present in the other stage.

A policy violation is considered Discovered when it has been observed for the first time. It is not uncommon to see discovered violations trend upwards steeply, especially in the early phases of your implementation, and then plateau as you start developing a better component consumption process.
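The four definitions above, and the filtered-stage caveat for Fixed, can be checked with a small model. This is an added example, not IQ Server code: the data layout, the stage names build and release, the violation ids and the function names are all assumptions made for illustration.

```python
# Added illustration: a simplified model, not IQ Server's implementation.
# Constructed sample data: week -> {violation id: stages where it is present}.
OBSERVATIONS = {
    1: {"V1": {"build", "release"}, "V2": {"build"}},
    2: {"V1": {"release"}, "V2": {"build"}, "V3": {"build"}},
    3: {"V1": {"release"}, "V3": {"build"}},
}
WAIVED_FROM = {"V3": 3}  # constructed: V3 is waived starting in week 3


def weekly_trends(observations, waived_from, stages):
    """Count the four categories per week, considering only `stages`."""
    seen, previous, trends = set(), set(), {}
    for week in sorted(observations):
        # A violation counts as present only if it exists in an included stage.
        present = {v for v, where in observations[week].items() if where & stages}
        discovered = present - seen          # observed for the first time
        fixed = previous - present           # gone from every included stage
        waived = {v for v in present if waived_from.get(v, week + 1) <= week}
        trends[week] = {
            "discovered": len(discovered),
            "fixed": len(fixed),
            "waived": len(waived),
            "pending": len(present - waived),  # found, not fixed or waived
            "delta": len(discovered) - len(fixed),  # > 0 plots above the x-axis
        }
        seen |= present
        previous = present
    return trends


def total_fixed(trends):
    """Sum the weekly Fixed counts over the whole period."""
    return sum(week["fixed"] for week in trends.values())


if __name__ == "__main__":
    all_stages = weekly_trends(OBSERVATIONS, WAIVED_FROM, {"build", "release"})
    build_only = weekly_trends(OBSERVATIONS, WAIVED_FROM, {"build"})
    for week in sorted(all_stages):
        print(week, "all:", all_stages[week], "build only:", build_only[week])
    # V1 is still present in release, yet filtering that stage out reports it fixed.
    print("fixed, all stages:", total_fixed(all_stages))
    print("fixed, build only:", total_fixed(build_only))
```

With the release stage filtered out, V1 is counted as Fixed in week 2 although it is still present in release, so a falling trend under a stage filter should be confirmed against the unfiltered view before it is read as reduced risk.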