Chapter 2. What is a Policy?

2.1. Basic Policy Anatomy
2.2. Organizations, Applications and Inheritance
2.3. Summary

When we talk about policy within the paradigm of Sonatype CLM, we refer to it as a way to identify and reduce risk through a concise set of rules for component usage. These rules can be used to assist at every step of the component and development lifecycle, and can be customized for specific applications and organizations. In general, policy, within the context of Sonatype CLM, is a broad term used to encapsulate:

In some ways, "rules" is a bit generic as a description, so let’s dig a bit deeper and look at another concept you are likely familiar with: the "If/Then" statement.