- In the Policies pane, click Add Policy.
- Specify a name for the policy.
Specify the policy type (fixed or gated).
Panel borderColor #0079be titleColor #ffffff borderWidth 1 titleBGColor #0079be borderStyle solid title Types of Policies
A gated policy can be parameterized so that you can establish different thresholds at different gates and different points in time.
A fixed policy cannot be parameterized in this way; it is always applied in the exact same way.
For example, you might have a defect prevention policy requiring compliance to an increasingly strict set of static analysis rules as the SDLC progresses: maybe the initial phase might require compliance only to severity 1 rules, but compliance to severity 1-3 rules must be achieved by code freeze.
Specify metadata, such as version, description, author, and approval information.
Panel borderColor #0079be titleColor #ffffff borderWidth 1 titleBGColor #0079be borderStyle solid title Policy Definition Best Practices
Document policies in natural, understandable human language within the context of the associated business goals. For example, if you want a policy that requires all methods to be unit tested, benefits to the business should be clearly described.
Quantifying risk is an important step in achieving a credible and compelling reason for action. For example, this might involve quantifying the cost of an outage or understanding the impact to brand equity in quantifiable terms. Far too often, the concept of software quality is addressed in a "fluffy" manner of fear, uncertainty, and doubt rather than of known quantifiable impacts. With an understanding of business demands, development teams can then focus their efforts on the aspects of the application that are truly most important to the business.
- Click Edit in the Practices are section and add any practices you need to enforce the policy. DTP Enterprise Pack does not ship with any practices pre-installed. You must download, install, and deploy them to your DTP environment (see Downloading and Installing Artifacts). You can add any number of practices, and you can add a single practice multiple times, each with different practice success criteria. See Policy Center Practice - Static Analysis.
- Define the conditions (thresholds) that must be met for the project to be compliant with the policy and click Done.
- Specify whether this policy should be applied across all projects, or associated only with specific projects. To limit the policy to specific projects:
- Click Selected Projects in the Projects area.
- Click Edit and move each applicable project to the left side of the page.
- Click Done.
Click Delete to delete the policy.