Concept | Sign-offs in workflows of Govern items#

Govern items have a workflow defined by their governance template. Those workflows include steps, and those steps can have attached sign-offs.

The value of sign-offs#

Throughout the lifecycle of an AI project, it can be valuable to collect feedback from various stakeholders. In fact, one might argue that scaling trust in AI requires unified oversight.

Rather than relying on ad hoc decisions, formalizing a system of reviews clarifies whose input is required, for what reason, and at which stage of a project. Instituting a system of reviews has the potential to slow down those building a project. However, a standardized feedback process built around sign-offs can bring many benefits including:

  • Greater internal awareness of projects.

  • Increased confidence in development and production processes.

  • Improved oversight of AI systems.

  • Reduction of risk and unexpected objections or issues at later stages.

Sign-offs for secure MLOps#

An advanced license allows administrators to configure sign-offs as needed in many possible ways. However, in the standard template, you’ll encounter sign-offs in two items: Govern bundles and Govern model versions.

The Review workflow step for both of these items, according to the standard template, includes a mandatory sign-off. As a mandatory sign-off, users can’t progress to the item’s next workflow step without a final approval.

Sign-offs such as these are key to gating deployment processes for secure MLOps. Without a final approval, it’s possible to prevent the (or warn about) the deployment of unapproved bundles or model versions.

You can achieve this outcome by combining the sign-off with the deployment infrastructure’s Govern policy. According to this policy, the instance administrator can configure how a deployment infrastructure should handle an unapproved package. Here, an unapproved package is any bundle or API service without an approval from a sign-off in the Govern node.

In the image below for example, a user attempts to deploy a bundle to an Automation node:

  • This v1 bundle, however, hasn’t received an approval from a sign-off in the Govern node.

  • The instance administrator has set the Govern policy on the infrastructure receiving the deployment attempt to prevent unapproved packages.

  • Therefore, the user sees a notification that the bundle hasn’t been approved, and so deployment can’t proceed.

Dataiku screenshot of the dialog for an invalid governance status.

Tip

Secure MLOps may be the most common use case for sign-offs, but it’s not the only one. Using the Blueprint Designer, organizations with advanced licenses can incorporate sign-offs wherever they add value. For example, an organization might attach a sign-off to the Qualification step of a Govern project, thereby requiring approval before a project can advance to the In Progress step.

Types of reviews#

Sign-offs can include two types of reviews: feedback reviews and final approvals.

Feedback

Feedback reviews are optional. They’re useful for gathering input and suggesting improvements. They also provide additional information to help final approvers make informed decisions. By default, IT & Operations, Risk & Compliance, and Business reviewers are three ready-made categories of reviewers. Advanced license holders can change these categories in the Blueprint Designer.

Final approval

Only the final approval determines whether an item can advance in its workflow to the next stage. Moreover, from a deployment perspective, the Deployer only recognizes the state of the final approval.

Tip

Both feedback reviews and final approvals provide a history of authorization that keeps processes transparent, traceable, and accountable.

Using the sign-off process#

A brief walkthrough of the key moments in a review cycle should clarify these concepts.

Selecting reviewers#

The first step to using a sign-off is choosing which groups or users should complete the reviews.

  1. According to the standard template, the Overview of a Govern project includes a section on Sign-off reviewers and approvers.

  2. You can designate specific users or groups to provide feedback in different default categories, such as IT & Operations. Feedback from every group isn’t mandatory.

  3. Only the feedback from the Final approver determines whether the item under review can advance in its workflow.

Dataiku Govern screenshot of the Sign-off reviewers and approvers section of the project overview.

Requesting feedback#

Once you’ve designated reviewers, you can request their feedback. Note the following points about the screenshot below.

  1. It depicts a Govern bundle following the standard template.

  2. The Review step of its workflow is in progress.

  3. However, the Sign-off attached to the Review step hasn’t started.

  4. It’s possible to Delegate the reviews to other users or groups that may be better suited to perform the review.

  5. As the standard template defines this as a mandatory review, until the sign-off earns a Final approval, you won’t be able to advance the item to its next workflow step.

  6. Once you click Request Feedback, you’ll be able to notify selected reviewers.

Dataiku screenshot of the Review step of a Govern bundle not having started.

Waiting for feedback#

Once you’ve started the feedback process, the notified parties have an opportunity to provide a review. Note the following points about the screenshot below.

  1. It depicts a Govern model version following the standard template.

  2. The Review step of its workflow is in progress.

  3. The Sign-off attached to the Review step is waiting for feedback.

  4. IT & Operations have submitted positive feedback; two other departments haven’t yet submitted feedback.

  5. Even so, you can initiate the final approval process by clicking Request Final Approval.

Dataiku screenshot of the Review step of a Govern model version waiting for feedback.

Granting final approval#

According to the standard template, only the result of the item’s final approval impacts the ability to advance its workflow. Similarly, the Deployer only takes into account the status of the final approval when determining whether to accept, reject, or issue a warning about a package.

  1. In the image below, the model version received a positive Final approval.

  2. The Review step indicates this approval.

  3. The successful final approval made it possible to advance the item to its next workflow step, in this case, Deployment.

Dataiku screenshot of an approved Govern model version.

Tip

Having received a final approval, an error message like the one shown above wouldn’t appear if trying to deploy this item.

Next steps#

Having seen this introduction to reviews and sign-offs in the Govern node, try it for yourself in Tutorial | Governance lifecycle.