Lower environments - that is, development (dev), quality assurance (QA), and user acceptance testing (UAT) - display a list of policies from Data In Motion (DIM) data sources like Symantec Data Loss Prevention (DLP) that differ from the same list in your upper environment (that is, production). This occurs even when the same data sources have been integrated into all environments.

These policy lists are displayed in the Risk Fabric console under Admin > Settings > Policy and Admin > Settings > Data In Motion > Policies.

Release : 6.x

Component : Policies

Historical differences in the maintenance, purging, and rebuilding of lower environments compared to production environments can lead to extant policies in one environment that are missing from others.

Information Centric Analytics (ICA) will import a list of all DIM policies from integrated data sources, including those that have been deleted in the source system and those that are not enabled within ICA.

Note that Symantec DLP will maintain a record for each deleted policy. Deleted policies are marked as deleted, but remain queryable, and ICA extracts a full list of DLP's Policy table.

If you wish to establish or re-establish parity between environments, the recommended procedure is as follows:

1. Purge all Symantec DLP data from the data source in question.
2. Update the watermarks for the data source to match the date range of incidents in your reference environment.
3. Run the nightly Risk Fabric Processing job to re-import all incidents, policies, and ancillary data from the data source in question.