
This skill enforces governance for personalization programs by capturing approvals, logging changes, and auditing compliance.

npx playbooks add skill gtmagents/gtm-agents --skill governance


SKILL.md
---
name: governance
description: Use to enforce approvals, compliance, and auditability for personalization
  programs.
---

# Personalization Governance Skill

## When to Use
- Deploying or updating personalization rules, models, or high-impact content variants.
- Running quarterly audits on consent, data usage, or fairness metrics.
- Investigating incidents related to personalization errors or policy breaches.

## Framework
1. **Policy Alignment** – document legal, privacy, accessibility, and ethical constraints per channel.
2. **Approval Workflow** – define RACI (architect, legal, security, marketing) and required evidence per change.
3. **Change Logging** – capture version metadata (who, what, when, why), including rollback steps.
4. **Risk Monitoring** – set KPIs + alerts for fairness, bias, consent violations, or performance regressions.
5. **Audit Trail** – maintain dashboards + storage for decision logs, approvals, and incident reports.

## Templates
- Change request form (summary, impact, risk score, approvers, attachments).
- Governance checklist (consent, accessibility, localization, security, QA evidence).
- Incident review template (root cause, remediation, follow-up actions, owner).

## Tips
- Pair governance checkpoints with CI/CD or deployment scripts to prevent bypass.
- Use unique change IDs to connect decision tree updates with content variants and experiments.
- Schedule quarterly tabletop exercises to keep stakeholders fluent in escalation paths.

---

Overview

This skill enforces approvals, compliance, and auditability for personalization programs. It provides a structured governance framework to ensure changes to personalization rules, models, and high-impact content are reviewed, logged, and monitored for risk and fairness.

How this skill works

The skill applies a policy-alignment checklist and an approval workflow that captures RACI roles and required evidence for each change. It logs change metadata (who, what, when, why) with unique IDs, links to rollback steps, and integrates risk monitoring KPIs and alerts. Dashboards and persistent audit trails store decision logs, approvals, and incident reviews for compliance and audits.

When to use it

  • Before deploying or updating personalization rules, models, or impactful content variants.
  • During quarterly audits of consent, data usage, fairness, and performance metrics.
  • When investigating personalization incidents or policy breaches.
  • To formalize approvals and evidence for cross-functional decision-making.
  • When integrating personalization changes into CI/CD or deployment pipelines.

Best practices

  • Document legal, privacy, accessibility, and ethical constraints per channel before approving changes.
  • Define RACI for every change: architects, legal, security, product, and marketing.
  • Use unique change IDs to connect experiments, variants, and decision tree updates.
  • Automate governance checkpoints in CI/CD to prevent bypassing review gates.
  • Maintain KPIs and alerting for fairness, bias, consent violations, and performance regressions.

Example use cases

  • Submitting a change request to update personalization logic that increases revenue but may affect data usage.
  • Running a quarterly audit to verify consent records and fairness metrics across channels.
  • Responding to an incident where a personalization rule produced discriminatory results.
  • Approving localization and accessibility checks for region-specific content variants.
  • Linking experiment metadata and approval evidence to support regulatory audits.

FAQ

How does this skill prevent governance from blocking rapid iteration?

Use risk-based gates: low-risk changes follow lightweight review while high-impact updates require full RACI approval. Automate checks to keep fast feedback loops.

Can governance be integrated with deployment pipelines?

Yes. Embed governance checkpoints in CI/CD to require approval artifacts and automated QA before deployment, reducing the chance of bypass.
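
One way to implement the CI/CD checkpoint described in the Tips and FAQ, as an added example (not code from the gtm-agents skill): a gate that blocks a deploy unless the change record carries the who/what/when/why metadata, rollback steps, and the approvals its risk tier requires. The record field names, the `low`/`high` tiers, the low-tier approver set, and the self-approval and stale-approval checks are assumptions.

```python
import sys
from datetime import datetime

# Roles come from the page's RACI list; field names and risk tiers are assumed.
FULL_RACI = {"architect", "legal", "security", "marketing"}
REQUIRED_FIELDS = ("change_id", "who", "what", "when", "why", "rollback_steps", "risk")
REQUIRED_APPROVERS = {"low": {"architect"}, "high": FULL_RACI}

# Constructed sample change record (not real data).
SAMPLE = {
    "change_id": "CHG-0001", "who": "alice", "what": "raise discount variant weight",
    "when": "2024-05-02T10:00:00+00:00", "why": "experiment result",
    "rollback_steps": "revert to rule set v12", "risk": "high",
    "approvals": [
        {"role": "architect", "approver": "bob", "at": "2024-05-02T11:00:00+00:00"},
        {"role": "legal", "approver": "carol", "at": "2024-05-02T12:00:00+00:00"},
        {"role": "security", "approver": "alice", "at": "2024-05-02T12:30:00+00:00"},
    ],
}


def gate(change, deploy_change_id):
    """Return a list of violations; an empty list means the deploy may proceed."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if not change.get(f)]
    if change.get("change_id") != deploy_change_id:
        problems.append("change_id does not match the artifact being deployed")
    risk = change.get("risk")
    if risk not in REQUIRED_APPROVERS:
        problems.append(f"unknown risk tier: {risk!r}")
        return problems
    recorded = datetime.fromisoformat(change["when"]) if change.get("when") else None
    approved = set()
    for a in change.get("approvals", []):
        if a["approver"] == change.get("who"):
            # The author signing off on their own change is a bypass, not a review.
            problems.append(f"self-approval by {a['approver']}")
        elif recorded and datetime.fromisoformat(a["at"]) < recorded:
            # An approval older than the record was given for some earlier version.
            problems.append(f"{a['role']} approval predates the change record")
        else:
            approved.add(a["role"])
    for role in sorted(REQUIRED_APPROVERS[risk] - approved):
        problems.append(f"missing approval: {role}")
    return problems


if __name__ == "__main__":
    found = gate(SAMPLE, "CHG-0001")
    print("\n".join(found) or "governance gate passed")
    sys.exit(1 if found else 0)  # non-zero exit fails the pipeline step
```

Run as a required pipeline step, the non-zero exit code stops the deployment, and the printed violations become part of the audit trail for that change ID.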