Governance Engine

Governance Engine is a service that is deployed on the customer’s on-premises infrastructure and operates under the customer’s exclusive control.

Combined with the HSM Signer, which are also deployed on the client side, Governance Engine enables real-time verification of all requests processed by IBM Digital Asset Haven. Governance Engine ensures that each request corresponds to a valid, user-approved intent and complies with defined policies before the request is signed.

This architecture allows the customer to independently verify system behavior. Any deviation from expected or approved operations can be detected, and unauthorized signing requests can be stopped before a signature is generated or submitted to the blockchain.

Governance Engine validates the integrity of critical data in the database, including user accounts and credentials. It ensures that all modifications to governed records are authorized through properly signed user intent. Any unauthorized changes within the IBM Digital Asset Haven infrastructure are detected and rejected.

If this validation fails, Governance Engine does not authorize the request, and HSM Signer does not perform the signing operation. This control ensures that only approved and compliant operations are executed.