Quorum Policies

Data Protection on Demand (DPoD)

Overview

Quorum is an authorization policy that requires approval from multiple stakeholders before critical operations (e.g., deleting or disabling a service instance) can proceed. Tenant Admins are able to disable and re-enable quorum policies directly from the DPoD Management Console following the proper approval process. This prevents accidental or malicious actions by enforcing multi-party consent.

Key features:

• Pre-approval or Revocable Authorization:

  • Time-limited, single-use: Requires approval before an operation (e.g., for irreversible actions).

  • Approved until revoked: Authorization remains active until manually revoked.

• Audit Logs: All quorum actions are recorded for transparency.

• Notifications: Email alerts keep stakeholders informed at every stage.

Enabling a Policy

Initially, all policies are disabled, and enabling a policy does not require a quorum. Once enabled, a policy cannot be disabled or edited without a quorum.

Once a quorum policy has been disabled, a Tenant Admin can re-enable it at any time directly from the Policies page. Re-enabling a policy does not require quorum approval — it takes effect immediately.

When re-enabling a policy, the Tenant Admin can configure the policy parameters (such as minimum approvals) as needed. A full log history of enable/disable changes are maintained for each policy.

Disabling a Policy

Disabling a quorum policy removes the quorum enforcement for a specific operation. Because this is a sensitive action, disabling a quorum policy itself requires quorum approval before it can take effect.

Steps:

1. Navigate to the Policies page in the DPoD Management Console.
2. Select the quorum policy you wish to disable.
3. Select Disable Policy.
4. A quorum request is automatically created, and email notifications are sent to the designated approvers.
5. Once the required number of approvers have approved the request, the policy is disabled.

Approval Requirements

The quorum approval required to disable a policy uses the same approval threshold and members defined in the policy being disabled.

Example: If the policy you want to disable requires approval from 3 out of 5 designated quorum members, then 3 of those same 5 members must approve the disable request.

Impact on Active Quorums

Disabling a quorum policy has immediate effects on any in-flight quorum activity associated with that policy:

Scenario	Result
A quorum approval request is pending (waiting for votes).	The pending request is automatically cancelled.
A quorum has already been approved but not yet executed.	The approved quorum is automatically cancelled.

Supported Policies

The following platform policies are available for subscriber tenants (not service providers):

Policy Name	Description
Delete Service	Prevents accidental or malicious deletion of service instances. (excludes third party marketplace services)

Roles and Permissions

Policy Management

Administrators may:

• Enable quorum policies for the tenant.

• Disable quorum policies for the tenant.

• Re-enable quorum policies for the tenant.

• Set the minimum number of approvers when enabling a policy.

Members of the Approval Group may:

• Vote on quorum requests.

• Re-vote (change their vote) until the quorum is approved or rejected.

• Cancel a quorum request if they are the request creator.

Procedures

Requesting a Quorum

When Quorum is enabled for service deletion, users attempting to delete a service without approval will be presented with a Create Quorum Request dialog to select an Operation Validity Period and provide an optional note.

If Set Time Period is selected:

1. Specify a start and end time for the period in which the approval can be used to perform the operation.

2. (Optional) Add a comment explaining the reason for the request.

3. Click Request

If Until Revoked is selected:

1. (Optional) Add a comment explaining the reason for the request.

2. Click Request.

In both cases, once approved:

• You will receive a notification email informing you that the quorum has been achieved.

• You can then manually proceed with deleting the service.

Canceling or Revoking a Quorum Request

To cancel a quorum request before it is approved:

1. Navigate to the Quorum Requests section under your user profile.

2. Locate the quorum request you want to cancel.

3. Click the Cancel or Revoke button as applicable.

Voting on a Quorum Request

Quorum requestors implicitly vote for their request. To vote on a quorum request:

1. You will receive an email notification when a quorum request requires your vote.

2. Navigate to the Quorum Requests section under your user profile.

3. Locate the quorum request that requires your vote.

4. Review the request details and any comments provided.

5. Click either Approve or Reject.

6. (Optional) Add a comment explaining your vote.

7. Click either Approve or Reject.

Notifications

Emails are sent to stakeholders at key events:

Event	Recipients	Purpose
Quorum requested	Requestor and all approvers	Inform about the request details.
Quorum approved	All users	Notify that the quorum is achieved and the user can proceed with the operation.
Quorum rejected	Requestor and all approvers	Notify of rejection and reason (if provided).
Quorum expired	Requestor	Alert that the quorum expired without action.
Quorum revoked/closed	All users	Confirm revocation or closure.
Quorum disabled	Requestor	Confirm quorum is disabled.
Quorum canceled	Requestor	Inform that quorum is canceled due to policy disablement.

Audit Logs

All quorum-related actions are logged for accountability:

Action	Details Captured
Policy enabled/disabled	Policy name, admin, timestamp.
Quorum requested	Requestor, operation, comment.
Vote cast/changed	Voter, vote (approve/reject), timestamp.
Quorum canceled	Canceled by, timestamp.
Quorum approved/rejected	Result, timestamps, voter details.
Quorum expired/revoked	Timestamp, requestor.

For more audit logging information please refer to the Audit Logging section.