Certification policies allow you to produce a comprehensive view of your organization's compliance with specific certification controls, such as Sarbanes-Oxley Act (SOX) or Health Insurance Portability and Accountability Act (HIPAA). A global, review, or data administrator creates certification policies against review definitions and Identity Governance evaluates the review items and other criteria defined in the policy and reports violations. From the Overview, Catalog > Identities and Certification pages, you can drill down to see specific violations to policies when they exist.