PolicyIQ

PolicyIQ streams data access events to detect compliance risks and update Tableau dashboards in real time

Inspiration

Modern organizations generate massive amounts of data, but governance and compliance often lag behind usage. We noticed that most tools analyze data after incidents occur. We wanted to flip that model—govern data access in real time, where decisions actually happen, and surface insights directly in analytics tools teams already use.

What it does

How we built it

PolicyIQ was built as a microservice ingestion and governance platform:

Real‑time ingestion
Access events flow into an ingestion API and are buffered by a durable queue.
Stream processing
Events pass through validation, enrichment, compliance checks, and anomaly detection—each as an independent service.
Risk & anomaly scoring
We compute explainable risk scores using lightweight statistics, for example: [ z = \frac{x - \mu}{\sigma} ] where unusual access behavior is flagged when ( z ) exceeds a threshold.
Governed analytics output
Only curated, policy‑aware events are written to the analytics layer and visualized in Tableau.
Live dashboards
Tableau dashboards update automatically, turning raw access activity into real‑time compliance insight.

Accomplishments that we're proud of

Schema uncertainty: Different systems emit different logs. We solved this by defining a single canonical access‑event model.
Reliability vs. simplicity: Hackathons favor speed, but governance demands correctness. We balanced both with lightweight persistence and clear service boundaries.
Real‑time analytics limits: Tableau isn’t millisecond‑real‑time, so we designed for near‑real‑time updates that still feel live and actionable.
Explainability: Risk scores had to be understandable to auditors, not just accurate.

What we learned

Building PolicyIQ taught us how enterprise data platforms are designed in practice, not just in theory. Key learnings included:

Why canonical event schemas are essential to decouple systems.
How event‑driven architectures improve reliability and auditability.
The importance of explainable risk scoring, not black‑box AI.
How Tableau works best with clean, governed, analytics‑ready data.

We also learned that operational maturity—health checks, retries, DLQs—matters just as much as dashboards.

What's next for PolicyIQ

PolicyIQ showed us that governance doesn’t have to slow data teams down. By embedding compliance directly into the data flow and analytics layer, we created a system that is proactive, transparent, and enterprise‑ready—yet simple enough to demo in a hackathon.