Governance - reviews, approvals, audit

Proposed. Reviewed. On the record.

Some changes shouldn’t land until the right people have said yes. Foldr Governance puts that sign-off right where your files already live: multi-step approvals, reviewer pools per share, deadlines that escalate themselves, and an audit trail of every request, step and decision that no one can quietly rewrite. Start with the approvals engine; add Governance when you want files classified by sensitivity and the risky ones routed for review.

Finance / Payables / 2026 In review
Invoice 10042 – Acme Ltd.pdf
Rule: amount > £10k Classified: Commercial Due in 2 days
Approval chain
  • 1 Line manager (any one) Approved Mon
  • 2 Finance reviewers (quorum of 2) 1 of 2
  • 3 Compliance (classification) Waiting
Requester can’t self-approve · every decision audited
Features

Sign-off built into your files, not bolted on beside them.

Governance runs on the same shares, permissions and custom fields as the rest of Foldr. The thing under review is the file itself, the reviewers come from the directory you already use, and the audit trail lives in the same activity log as everything else.

Routing rules that catch the right things

Match by trigger and priority: a document’s classification, a specific custom-field change, or any change on a share. The rule decides what needs sign-off and who it goes to, so the right items are held and everything else flows straight through.

Multi-step approvals

Build a chain of steps, each cleared by any one reviewer, by everyone, or by a quorum of N. A proposed field change is held until its reviewers sign off, and only then does it commit. Nothing lands half-approved.

Reviewer pools, split by job

Assign who approves field changes and who approves classification routing independently, granted globally or per share. Every reviewer is scoped to files they can already read, so review never widens access.

Deadlines and escalation

Due-in timers on every step, automatic hand-off to a fallback approver when a deadline passes, and a scheduled sweep that chases overdue requests. Approvals don’t quietly stall.

Actions when a decision lands

On approve or on reject, run a MaSH automation, send a notification, or move the file the moment the outcome is recorded. The decision is the start of the next step, not a dead end.

No self-approval, fully audited

A requester can never approve their own change. Every step records who decided, when and why, and the whole request carries a tamper-evident audit trail. Approvals waiting on you surface in Shared with me.

How it works

Catch it, route it, decide it, keep the record.

A change or a document is held the moment it matches a rule, routed to the right reviewers, and committed only when they sign off.

1 · Route

A rule catches the change

Author routing rules matched by trigger and priority: a classification, a specific custom-field change, or any change on a share. When something matches, it’s held for review instead of landing straight away, and sent to the reviewer pool you nominated.

2 · Review

Reviewers sign off, step by step

Each step clears by any one reviewer, by everyone, or by a quorum of N. Reviewers see only files they could already read, the requester can’t approve their own change, and approvals waiting on someone surface in their Shared with me.

3 · Decide

The outcome commits, and acts

On approval the change lands; on rejection it doesn’t. Either way, on-approve and on-reject actions can run a MaSH automation, notify, or move the file, and the whole decision is written to a tamper-evident audit trail.

+ Deadlines

Nothing stalls in a queue

Every step carries a due-in timer. Miss it and the request hands off to a fallback approver automatically, while a scheduled sweep chases everything overdue. The work moves whether or not someone’s watching the queue.

+ Classify

Classification can raise its own review

With the Governance add-on, detectors classify files as they’re indexed, by sensitivity or retention category. A classification can itself raise a review, routing a file that looks sensitive to a designated reviewer to confirm or reclassify, through the very same engine.

+ Disclose

And when the request is a legal one

A subject access or FOI request gets a case with the statutory clock built in, running on this same machinery: collection from your shares and mailboxes, review with reasons, redaction, and a disclosure bundle out the door. More on Disclose below.

Disclose

“Every file you hold about me, please.”

A subject access request turns governance from policy into a deadline: someone is entitled to what you hold about them, and the clock starts the day the request arrives. Disclose gives that request a case of its own in Foldr, collects from the sources you point it at, and walks the results through review and redaction to a bundle you can actually send.

1 · Collect

One case, every source

Open a case for the request and point it at the shares and mailboxes that could hold something relevant (mail collection stays inside an allow-list your administrator controls). Everything found lands in the case, together, rather than in a folder tree someone assembles by hand.

2 · Review

Keep, exclude, and say why

Work through the results in a single review table, or decide right in the viewer while reading the document. Keep what’s disclosable, exclude what isn’t, record the reason, and have a second pair of eyes sign the case off before anything leaves the building.

3 · Redact

Redact the copy, keep the original

Third-party names and details are covered on a converted copy, never on the original, and document metadata is scrubbed on the way out. Grace can suggest what needs covering; a person makes the call.

4 · Disclose

Out the door, on the record

Generate the disclosure bundle with a manifest of what went out and what was withheld. Public bodies answering freedom of information requests get an FOI preset with the exemptions framed that way instead. The whole case sits on the same audit trail as the rest of Governance.

Reviews vs Governance

An approvals engine, and an add-on on top.

The approvals engine is the foundation: routing rules, multi-step sign-off, deadlines, on-decision actions and the audit trail. Governance is the add-on that layers classification and policy on top, detectors, sensitivity labelling and retention, and the reviews a classification can raise by itself. It rides the same engine, so Governance always includes the approvals underneath; you never get classification routing without the sign-off that acts on it.

Same permissions, same shares

Review never widens access.

Reviewer pools are assigned globally or per share, and split by job: who approves field changes and who approves classification routing are set independently. Whichever pool they’re in, a reviewer only ever sees a file they could already open. Sign-off adds a gate in front of a change; it never hands anyone a key they didn’t already hold.

With the rest of Foldr

Sign-off is a step in a workflow, not an island.

Because a review acts on a real file with real custom fields, the rest of Foldr is right there with it. Captur extracts the fields that a rule keys off. Search and Grace see the same documents and decisions. MaSH runs the moment an approval or rejection lands, routing, reconciling, or kicking off whatever comes next.

Curious whether Foldr would fit?

Try it free for 30 days, no credit card. Or get in touch about self-hosting.