[Webinar] Master Snowflake: Control Without Compromise
Save Your Spot ›

Policy Checks

Prevent risky schema change before it ships.

Policy checks are automated rules that evaluate a database change before deployment. They enforce standards early, reduce late stage surprises, and create a consistent record of what was checked and what passed. If Database Change Governance is the discipline, policy checks are the first control point.

Explore Database Security
Explore Developer Self Service
Learning Center
Policy Checks
Drift Detection
Rollback and Recovery
Audit Evidence Automation
AI Governance for Schema Change
Related Content
Heading H2

Why this matters

Most database incidents start as preventable patterns: unsafe operations, missing guardrails, permission changes, or inconsistencies that only show up late in the pipeline. Catching these issues before deployment is faster, safer, and easier to scale.

Common failure modes

  • A risky operation reaches production because standards differ by team or repo
  • A change bypasses required review or approval steps
  • Controls are enforced manually, so outcomes vary by person and time pressure
  • Security requirements exist, but they are not encoded and enforced consistently

What good looks like

Policy checks run automatically in delivery workflows. Violations are surfaced early. High risk changes can require explicit approval. Results are recorded as part of the change record so teams can prove what happened later.

Database Change Governance metrics this pillar improves

  • Mean Time to Detect (MTTD): improves because violations are detected before deployment, not after incidents.
  • Automated Control Coverage (ACC): improves because controls are enforced consistently through automation.

What policy checks can enforce

  • Risky operations and unsafe patterns
  • Standards for naming, labeling, and change hygiene
  • Rules for permissions and sensitive object
  • Approval requirements for high risk change
  • Environment specific guardrails for production readiness

Implementation approach

Start small and expand.

  1. Identify your highest risk patterns and control requirements
  2. Define a starter policy set that is high confidence and low noise
  3. Run policy checks on every change in CI, not only right before production
  4. Tighten over time by adding rules and approval paths as teams mature
  5. Treat policies as versioned assets reviewed like code

Governance workflows and GRC alignment

Policy checks are most effective when enforcement and documentation are connected to your existing governance processes. Many teams map policy checks to internal control requirements and route approvals or exceptions through GRC workflows, including systems such as ServiceNow.Common patterns include:

  • Recording policy outcomes as control evidence
  • Routing high risk changes for approval based on policy results
  • Tracking exceptions with an owner, an expiration date, and a reason code

See policy checks in action

If your priority is preventing unsafe change and proving controls, start with Database Security.
Database Security

FAQ

What is a policy check?

A policy check is an automated rule that evaluates a proposed schema change before it runs.

How is this different from code review?

Code review is human and variable. Policy checks are automated, consistent, and repeatable.

Can policy checks connect to GRC workflows like ServiceNow?

Yes. Many organizations route approvals, exceptions, and evidence into existing governance workflows, including GRC systems such as ServiceNow.

Will policy checks slow developers down?

Most teams see the opposite. Checks catch issues earlier and reduce late-stage rework, failed deployments, and rollback fire drills.

What should we check first?

Start with the highest-risk patterns: destructive operations, permission changes, and anything that has caused incidents or audit findings before.

Why Liquibase
Community vs SecureDatabase DevOpsWhat is Liquibase?Liquibase vs Flyway
Products
Liquibase SecureSupport & ServicesSupported DatabasesPricing
Solutions
Compliance & AuditDatabase SecurityDeveloper Self-ServiceObservabilityAI-Ready DatabasesPublic SectorAWS
Resources
DownloadsDocsUniversityBest Practice GuidesWhitepaperseBookReportsVideos & WebinarsCase StudiesBlog
Community
ContributorsContribute CodeShare ExpertiseAdvocateSupportLiquibase LegendsLegends Badges
Company
CompanyContact UsCareersLeadershipPartnersCustomer LovePressPartnersNewsEvents
GitHub direction linkLinkedin direction linkX direction linkYouTube direction linkDiscord direction linkReddit direction link

© 2023 Liquibase Inc. All Rights Reserved.Liquibase is a registered trademark of Liquibase Inc.(737) 402-7187