Governance Pack

The Governance Pack adds accountability, audit trails, and compliance features to your Distil roadmap.

What Problem Does This Solve?

Without Governance Pack, acceptance decisions can be informal:

• PMs might accept cards without clear rationale
• There's no record of who decided what and when
• Cards can be changed or deleted without a trace
• Hard to justify decisions to leadership or auditors

Governance Pack fixes this by adding structure and accountability.

Key Features

1. Enforced Acceptance Rationale

What it does: You cannot accept a card without documenting why.

How it works:

• When you click "Accept," a rationale field appears
• You must enter at least one sentence explaining why
• The card won't accept until you provide rationale

Example rationale:

• "Requested by 8 enterprise customers in Q1. Blocking 2 deals."
• "Top feature request from user survey (52% of respondents)."
• "Strategic: Required for GDPR compliance."

Why this matters: Forces critical thinking and creates a paper trail of decisions.

2. Card Locking

What it does: Prevents changes to accepted cards after they're locked.

How it works:

• Admins can lock any accepted card
• Locked cards cannot be edited, deleted, or moved
• Only admins can unlock cards

Use cases:

• Lock cards after board approval
• Lock cards that represent legal/compliance commitments
• Prevent accidental changes to high-stakes decisions

Why this matters: Protects important decisions from casual changes.

3. Audit Trail

What it does: Logs every significant action on cards.

What's logged:

• Who accepted the card and when
• Acceptance rationale
• Who locked/unlocked the card
• Status changes (Needs Signal → Accepted → Ready)
• Push events (when card was sent to Jira/Linear)
• Major edits (title/description changes)

How to view:

• Open any card
• Click "History" tab
• See full timeline of changes

Why this matters: Essential for regulated environments and post-mortems.

4. Enhanced Integration Context

What it does: Jira and Linear issues include additional governance context.

What's included in pushed issues:

• Full acceptance rationale
• Accepted by (name and email)
• Accepted date
• Link back to Distil card

Why this matters: Engineers see why they're building something, not just what.

Who Needs This Pack?

Regulated Industries

If you're in healthcare, finance, or government, you likely need audit trails for compliance.

Example: FDA-regulated medical device company needs to justify every product decision with documented rationale.

Enterprise Teams

Large companies often need to explain roadmap decisions to executives, boards, or customers.

Example: VP of Product presents quarterly roadmap to board and must show data backing each commitment.

High-Stakes Products

If your roadmap decisions have legal, financial, or safety implications, you need accountability.

Example: Security software company must document why they prioritize certain vulnerabilities over others.

Process-Driven Teams

Some teams just prefer structure and documentation as a best practice.

Example: Product team wants to instill discipline and prevent rubber-stamping of feature requests.

Setting Up Governance Pack

1. Enable the Pack

1. Go to Settings → Packs
2. Find Governance Pack
3. Click "Enable" (or start free trial)
4. Confirm

2. Configure Settings

Acceptance rationale:

• Required (default): Cannot accept without rationale
• Optional: Rationale field shows but isn't required

Card locking:

• Admins only (default): Only admins can lock/unlock
• Disabled: Locking feature hidden entirely

Audit retention:

• Unlimited (default): Keep all history forever
• 1 year: Automatically archive history older than 1 year

3. Train Your Team

Make sure PMs know:

• Why rationale matters
• What makes good rationale (evidence-based, specific)
• When to lock cards (after board approval, for compliance items)
• How to view audit trails

Using Governance Pack

Accepting Cards with Rationale

1. Open a card in Needs Signal
2. Click "Accept"
3. Enter rationale (1-3 sentences explaining why based on evidence)
4. Click "Accept Card"

Good rationale examples:

• "Top requested feature in Q1 survey (67 votes). Blocks enterprise expansion per sales."
• "Legal requirement: CCPA mandates user data deletion within 30 days."
• "Strategic bet: Opens up SMB market segment per product strategy."

Bad rationale examples:

• "Good idea" (too vague)
• "CEO wants it" (no evidence of customer need)
• "Seems useful" (not backed by data)

Locking Cards

When to lock:

• After board or leadership approval
• For compliance or legal commitments
• High-value enterprise customer commitments
• When you want to prevent accidental changes

How to lock:

1. Open an accepted card
2. Click the lock icon (admins only)
3. Confirm locking
4. Card is now locked (read-only except for admins)

How to unlock:

1. Open a locked card
2. Click the unlock icon (admins only)
3. Provide a reason for unlocking (logged in audit trail)
4. Confirm

Viewing Audit Trails

1. Open any card
2. Click the "History" tab
3. See chronological log of all actions

What you'll see:

• "Accepted by Jane Doe on Jan 15, 2024"
• "Rationale: Top requested feature (12 customers)"
• "Locked by John Admin on Jan 16, 2024"
• "Pushed to Jira (PROD-123) on Jan 20, 2024"

This creates a complete record of the card's journey.

Integration with Jira and Linear

When you push cards to Jira or Linear with Governance Pack enabled:

Jira issues include:

• Original feedback
• Acceptance rationale
• Accepted by (PM name)
• Accepted date
• Link to Distil card

Example Jira description:

[Original feedback description]

---
✓ Accepted in Distil
Rationale: Top requested feature in Q1 survey (67 votes). Blocks enterprise expansion.
Accepted by: Jane Doe (jane@company.com)
Accepted: January 15, 2024

View in Distil: [link]

Why this matters: Engineers understand the why and see the data backing the decision.

Compliance Use Cases

ISO 27001 / SOC 2

Governance Pack helps with:

• Change management (audit trail of decisions)
• Access control (card locking prevents unauthorized changes)
• Documentation (required rationale creates paper trail)

FDA / Medical Devices

Governance Pack helps with:

• Design controls (documented rationale for design decisions)
• Risk management (lock high-risk decisions)
• Traceability (full audit trail from feedback to implementation)

GDPR / Data Privacy

Governance Pack helps with:

• Accountability principle (clear record of privacy decisions)
• Documentation requirements (rationale for data handling changes)
• Auditing (trail of who approved what changes)

Note: Governance Pack provides tools for compliance, but doesn't guarantee compliance. Consult your legal/compliance team for specific requirements.

Governance Pack Limits

What's included:

• Unlimited cards with rationale
• Unlimited audit history (default)
• Unlimited locks

What's not included:

• Multi-level approval workflows (single approve step only)
• External approval integrations (Slack, email)
• Custom fields for compliance metadata

If you need advanced governance features, contact sales about Enterprise options.

Pricing

Governance Pack pricing varies by plan:

• Growth plan: $X/month per workspace
• Enterprise plan: Included or custom pricing

See Plans Explained for current pricing.

Best Practices

Write Rationale for Humans

Your future self and teammates should be able to read rationale 6 months later and understand why the decision made sense.

Good: "Customer retention data shows 40% of churned users cited missing SSO. Top request from enterprise segment (18 mentions in sales calls)."

Bad: "Customers want it."

Lock Sparingly

Don't lock every accepted card. Reserve locking for:

• Board commitments
• Compliance/legal requirements
• High-value customer commitments

Over-locking creates rigidity.

Review Audit Trails During Retros

During retrospectives, review audit trails for major cards:

• Did our acceptance rationale hold up?
• Did we learn anything that invalidates the decision?
• Should we adjust our evaluation criteria?

This helps improve your signal detection over time.

Combine with Visibility Pack

Governance Pack + Visibility Pack = Transparent, accountable roadmap.

Show customers:

• What you're building (Visibility Pack)
• Why you're building it (Governance Pack rationale)
• Who made the decision (Governance Pack audit trail)

This builds trust.

Common Questions

Can I add rationale to old cards?

Yes. If you enable Governance Pack, you can go back and add rationale to previously accepted cards. It won't be required retroactively, but you can fill it in.

Can I edit rationale after accepting?

Yes (unless the card is locked). Rationale edits are logged in the audit trail.

Who can see audit trails?

All workspace members can view audit trails. They're not restricted to admins.

What happens if I disable Governance Pack?

• Existing rationale remains visible on cards
• Locks are removed (all cards become editable)
• Audit trail becomes read-only (preserved but no new entries)
• New acceptances don't require rationale

You can re-enable anytime and everything comes back.

Next Steps

• Enable Governance Pack - Start free trial
• What 'Accepting' Really Means - Philosophy of acceptance
• Visibility Pack - Share your governed roadmap publicly