Certification policies allow you to produce a comprehensive view of your organization's compliance with specific certification controls, such as Sarbanes-Oxley Act (SOX) or Health Insurance Portability and Accountability Act (HIPAA). A Customer, Global, Review, or Data administrator creates certification policies against review definitions and Identity Governance evaluates the review items and other criteria defined in the policy and reports violations. From the Governance Overview dashboard, Identities catalog, and Certification page, you can drill down to see specific violations to policies when they exist.