An organization may contain a plurality of logical or physical entities. Examples of logical or physical entities include computers or computer systems or any other device. Policies may be used to order and regulate entities. An example of a policy might be a requirement that all computers have a back-up drive. Policies developed by different individuals often overlap and conflict and it may be uncertain as to which entities a policy applies. Confusion regarding policies may be further exacerbated by uncertainty as to who may develop or modify policies. Thus policies or parts of policies may be invalid, making the enforcement of policies confused and problematic. Further complicating policy enforcement, policies are often maintained at different locations which may make policies difficult to access for updating or verification.
Policies are often implemented through a combination of computer-based development and manual intervention. For example, an information technology (IT) administrator may receive or develop a set of policies regarding minimum computer specifications for computers. The administrator may then obtain a list of computers which do not comply (i.e. are non-compliant) with a policy from a database (or other data repository) by querying for non-compliant computers using sets of structured query language (SQL) statements or other database query language statements. These SQL statements may have to be written by the administrator: consequently, a large and complex set of query statements may have to be written. In the alternative, the administrator may physically compile a list of non-compliant computers. Either of the above methodologies of developing a list of non-compliant computers is time-consuming, cumbersome, complex or prone to error. The list may be used as a to-do list for the physical updating of the non-compliant computers. Because an individual updates entities according to a physical list, there may not be an adequate mechanism by which an administrator or manager can track the progress of updating non-compliant computers.
As is demonstrated by the above examples, policies may not be developed or implemented in a coordinated manner. Furthermore, because some implementations of the process may require querying a database, the above methods may require the use of specialized knowledge, increasing the complexity of the above process.