SYSTEM Cited by 1 source

Policy Zone Manager (PZM)

Definition

Policy Zone Manager (PZM) is the UX and automation suite Meta built on top of Policy Zones to make purpose-limitation rollouts tractable across Meta's infrastructure. A single requirement can involve "hundreds or thousands of engineers" across dozens of systems; PZM is the tool that the requirement owner drives to stand up the enforcement end-to-end.

Four-step workflow (from the 2024-08-31 post)

1. Identify relevant assets — pinpoint the source data assets subject to the requirement (request parameters, database entries, event log entries). "In addition to manual code inspection, we heavily rely on various techniques such as our scalable ML-based classifier to automatically identify data assets" — integrated via systems/meta-data-classifier.
2. Discover relevant data flows — use data lineage to find multiple downstream sinks at once (the post: "allowing requirement owners to discover multiple downstream assets from a given source simultaneously"). Lineage is kept as the discovery primitive even though it was rejected as the enforcement primitive — Policy Zones takes over enforcement once the integration is in place.
3. Remediate data flow violations — PZM surfaces the three remediation options as a UX choice:
   • Safe flow: annotate the sink with the same label.
   • Unsafe flow: block data access and code execution.
   • Reclassified flow: mark as not-actually-used/propagated.
4. Continuously enforce and monitor — PZM provides "a set of verifiers to check the accuracy of asset annotations and control configurations" once a requirement is live. The rollout follows the logging-mode → enforcement-mode progression so flow violations are surfaced and remediated before any blocking happens.

Role in PAI

PZM is the tooling layer that the post explicitly calls out as load-bearing for Policy Zones adoption: "We have made significant efforts to ensure the use of PAI is easy and efficient, ultimately improving the developer experience … These tools guide teams through standard workflows, ensuring safe and efficient rollout of purpose limitation requirements and reducing engineering efforts by orders of magnitude."

Seen in

• sources/2024-08-31-meta-enforces-purpose-limitation-via-privacy-aware-infrastructure — canonical wiki source.

Related

• systems/meta-privacy-aware-infrastructure — umbrella initiative.
• systems/meta-policy-zones — the enforcement primitive PZM drives.
• systems/meta-data-classifier — Step-1 auto-discovery input.
• concepts/data-lineage — Step-2 discovery primitive.
• concepts/data-annotation — Step-1/3 output.
• patterns/logging-mode-to-enforcement-mode-rollout — the rollout discipline PZM encodes.
• companies/meta