Nopal Governance
Manage policies, compliance, and organizational oversight.
Compliance alert: The Open Source Contribution Policy is non-compliant — a related Casework matter (CW-2026-0036) identified IP assignment gaps. 3 engineers need updated agreements.
Compliance Scorecard
60%Data Retention & Deletion Policy
Defines data lifecycle, retention periods by category, deletion procedures, and legal hold exceptions. Covers customer data, employee records, and operational logs.
Acceptable Use Policy — AI & LLM Systems
Governs the use of AI/LLM tools for internal and customer-facing applications. Covers data input restrictions, output review requirements, and model selection criteria.
Vendor Risk Assessment Framework
Standard process for evaluating third-party vendors on security, privacy, reliability, and financial stability. Required for any vendor with access to customer data.
Incident Response Plan
Defines severity levels, response timelines, communication protocols, and post-mortem procedures for security and operational incidents.
Employee Code of Conduct — 2026 Update
Updated code of conduct reflecting new remote work policies, AI usage guidelines, and revised conflict-of-interest disclosures.
Open Source Contribution Policy
Framework for employee contributions to open-source projects, IP assignment requirements, and approved licenses.