SecurityPolicyCard

components/security/PolicyCard.vue

Policy status card showing compliance metrics, violation counts, and flow stats with sparklines. Green border for compliant (cool), red for active violations (hot).

EU Data Residency (GDPR)

v1

PII is flowing to destinations outside allowed geography.

Last Updated: 2026-01-15
Regulations: CCPA, state privacy laws

Flows Governed: 12k
Compliance: 74%
Violations: 1.2k

| Source | Dataflow | Destination | Violation | Time |
| --- | --- | --- | --- | --- |
| ruby.exe | PII | api.stripe.io | Data leaving EU | Sept 18, 12:57 PM |
| ruby.exe | PII | api.stripe.io | Data leaving EU | Sept 18, 12:57 PM |
| ruby.exe | PII | api.stripe.io | Data leaving EU | Sept 18, 12:57 PM |

big

Sensitive Data

v1

PII is flowing to destinations outside allowed geography.

Last Updated: 2026-01-15
Regulations: CCPA, state privacy laws

Flows Governed: 12k
Compliance: 100%
Violations: 0

PII Handling

v4

Ensures PII data is only transmitted to approved and reviewed vendors.

Last Updated: 2026-02-01
Regulations: GDPR, CCPA

Flows Governed: 456
Compliance: 100%
Violations: 0
med

Data Residency — US Only

v3

Restricts data flows to US-based regions only (us-east-1, us-west-2). CloudAnalytics routing to ap-south-1.

Flows Governed: 4.8k
Compliance: 96%
Violations: 7

Vendor Allow List

v3

Restricts data flows to pre-approved vendors only. Violations declining after Vendor Allow List v3 deployed.

Flows Governed: 3.5k
Compliance: 98%
Violations: 5
small

Internal Service Access

v1

Flows Governed: 1.2k
Compliance: 91%
Violations: 8

PII Access Controls

v2

Flows Governed: 2.1k
Compliance: 99%
Violations: 2
micro

Acceptable Use

v2

Flows Governed: 892
Compliance: 100%
Violations: 0

Cross-Region Transfer

v1

Flows Governed: 1.8k
Compliance: 99%
Violations: 1
Starter Pack — 16 policies across 7 tiers
Geographic

US Data Residency

v3

PII and sensitive data must remain within approved US regions.

Last Updated: 2026-01-15
Regulations: CCPA, state privacy laws

Flows Governed: 1.2k
Compliance: 98%
Violations: 3

EU Data Residency (GDPR)

v2

EU personal data must stay within EU/EEA or countries with adequacy decisions.

Last Updated: 2026-02-01
Regulations: GDPR Art. 44-49

Flows Governed: 834
Compliance: 99%
Violations: 1

Cross-Border Transfer

v2

International data transfers require SCCs or adequacy determination.

Last Updated: 2025-11-20
Regulations: GDPR, EO 14117

Flows Governed: 412
Compliance: 99%
Violations: 0
Sensitivity

PII Protection

v4

PII can only flow to vendors with a valid Data Processing Agreement.

Last Updated: 2026-02-10
Regulations: GDPR, CCPA, CPRA

Flows Governed: 2.3k
Compliance: 98%
Violations: 5

PHI Handling (HIPAA)

v2

Protected health information restricted to HIPAA-covered entities and business associates.

Last Updated: 2025-09-30
Regulations: HIPAA Privacy Rule

Flows Governed: 156
Compliance: 100%
Violations: 0

Payment Card Data (PCI DSS)

v3

Cardholder data restricted to PCI DSS Level 1 compliant destinations.

Last Updated: 2025-12-05
Regulations: PCI DSS v4.0

Flows Governed: 892
Compliance: 100%
Violations: 0
Actor

Vendor Data Sharing

v5

Data can only flow to vendors in the Approved lifecycle state with a valid data agreement.

Last Updated: 2026-01-28
Regulations: Multiple (umbrella)

Flows Governed: 3.1k
Compliance: 96%
Violations: 8

Internal Service Access

v2

Only registered services with valid identity can access sensitive internal endpoints.

Last Updated: 2026-02-15
Regulations: SOC 2, internal

Flows Governed: 5.6k
Compliance: 95%
Violations: 12

Third-Party Sub-processing

v1

Approved vendors must disclose and control onward transfers to sub-processors.

Last Updated: 2026-02-28
Regulations: GDPR Art. 28

Flows Governed: 1.8k
Compliance: 93%
Violations: 6
Transport

Encryption in Transit

v3

All external data flows must use TLS 1.2 or higher.

Last Updated: 2025-08-10
Regulations: PCI DSS, HIPAA, SOC 2

Flows Governed: 12.8k
Compliance: 100%
Violations: 1

Data Minimization & Purpose Limitation

v1

Only data fields necessary for the stated business purpose may flow to external vendors.

Last Updated: 2026-03-01
Regulations: GDPR Art. 5(1)(b)(c)

Flows Governed: 1.9k
Compliance: 91%
Violations: 14

Bulk Data Export (DLP)

v1

Prevents mass data exfiltration by requiring approval for large-volume transfers.

Last Updated: 2026-01-20
Regulations: SOC 2, GDPR

Flows Governed: 4.2k
Compliance: 99%
Violations: 2
Lifecycle

Data Retention & Deletion

v2

Data must be retained only as long as required and deleted on schedule or upon valid request.

Last Updated: 2026-02-05
Regulations: GDPR Art. 17, CCPA

Flows Governed: 3.5k
Compliance: 95%
Violations: 7
Environment

Dev Environment Isolation

v1

Production data cannot flow to non-production environments without anonymization.

Last Updated: 2026-01-10
Regulations: SOC 2, PCI DSS

Flows Governed: 2.2k
Compliance: 97%
Violations: 4
Operational

AI/ML Data Usage

v1

Customer data cannot be sent to AI/ML services without explicit consent and classification review.

Last Updated: 2026-02-20
Regulations: EU AI Act, CCPA

Flows Governed: 89
Compliance: 100%
Violations: 0

Shadow IT & Unknown Destinations

v2

Alert on data flowing to unclassified or unregistered external endpoints.

Last Updated: 2026-01-05
Regulations: Internal

Flows Governed: 8.4k
Compliance: 97%
Violations: 23

Usage

<SecurityPolicyCard
  name="—"
  :version="1"
  state="cool"
  size="big"
  description="—"
  lastUpdated="—"
  regulations="—"
  :flowsGoverned="—"
  :flowsData="[]"
  :compliance="—"
  :complianceData="[]"
  :violations="—"
  :violationsData="[]"
  :violationSamples="[]"
/>

Props

| Prop | Type | Default | Description |
| --- | --- | --- | --- |
| name | String | | Policy name (required) |
| version | [String, Number] | '1' | Version label shown top-right |
| state | String | 'cool' | 'cool' (green, compliant) or 'hot' (red, violations) |
| size | String | 'big' | 'big', 'med', 'small' or 'micro' |
| description | String | '' | Policy description (shown in big + med) |
| lastUpdated | String | '' | Date string shown in big size only |
| regulations | String | '' | Regulation names shown in big size only |
| flowsGoverned | Number | | Flow count (auto-abbreviated, e.g. 12000 → 12k) (required) |
| flowsData | Array<{count: number}> | [] | Sparkline data points for flows |
| compliance | Number | | Compliance percentage 0–100 (required) |
| complianceData | Array<{count: number}> | [] | Sparkline data points for compliance |
| violations | Number | | Violation count — turns red when > 0 (required) |
| violationsData | Array<{count: number}> | [] | Sparkline data points for violations |
| violationSamples | Array | [] | Violation records to display in an adjacent table. When non-empty, renders SecurityViolationsTable beside the card with a "Violation Samples X of Y" footer and Remediate button. |
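
One way to derive these props from evaluated flow records, as an added example that is not part of PolicyCard.vue or this project's code. The `buildPolicyCardProps` helper, the flow-record fields, the region allow list and the `violationSamples` record shape are all assumptions. It takes `state` from the violation count and rounds `compliance` down, so a policy with open violations never renders as green or as 100%.

```javascript
// Added example: names and record shapes below are assumptions, not the component's API.

// Constructed sample: four evaluated flows for an EU data-residency policy.
const sampleFlows = [
  { source: 'billing-svc', dataflow: 'PII', destination: 'pay.eu.example', region: 'eu-west-1', time: '2026-01-15T10:00:00Z' },
  { source: 'crm-sync', dataflow: 'PII', destination: 'crm.eu.example', region: 'eu-central-1', time: '2026-01-15T10:01:00Z' },
  { source: 'ruby.exe', dataflow: 'PII', destination: 'api.stripe.io', region: 'us-east-1', time: '2026-01-15T10:02:00Z' },
  { source: 'mailer', dataflow: 'PII', destination: 'smtp.eu.example', region: 'eu-west-1', time: '2026-01-15T10:03:00Z' },
];

const euResidency = {
  name: 'EU Data Residency (GDPR)',
  version: 2,
  description: 'EU personal data must stay within EU/EEA or countries with adequacy decisions.',
  allowedRegions: new Set(['eu-west-1', 'eu-central-1']), // assumed allow list
  violationLabel: 'Data leaving EU',
};

function buildPolicyCardProps(policy, flows, sampleLimit = 3) {
  const violating = flows.filter((f) => !policy.allowedRegions.has(f.region));
  const governed = flows.length;
  // Integer math, rounded down: 999 of 1000 compliant flows is 99%, not 100%.
  const compliance = governed === 0
    ? 100
    : Math.floor(((governed - violating.length) * 100) / governed);
  return {
    name: policy.name,
    version: policy.version,
    // Border colour follows the violation count, not the rounded percentage.
    state: violating.length > 0 ? 'hot' : 'cool',
    size: 'big',
    description: policy.description,
    flowsGoverned: governed, // raw number; the card abbreviates it
    compliance,
    violations: violating.length,
    // Assumed record shape, mirroring the violations table columns.
    violationSamples: violating.slice(0, sampleLimit).map((f) => ({
      source: f.source,
      dataflow: f.dataflow,
      destination: f.destination,
      violation: policy.violationLabel,
      time: f.time,
    })),
  };
}

console.log(buildPolicyCardProps(euResidency, sampleFlows));
```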
