Practice English vocabulary for citizen developer governance: CoE app reviews, security reviews, DLP policies, app inventories, and governance by exception.
1 / 5
What does 'the CoE reviews apps before production' mean?
A low-code Center of Excellence (CoE) establishes standards and provides governance. Pre-production app review catches security issues (exposed sensitive data), performance problems, and policy violations before apps affect live business processes or real customer data.
2 / 5
What does 'the security review checks for data exposure' mean?
Citizen developers may not have security training. Security reviews of low-code apps look for connectors with overly broad permissions, flows that log sensitive data, apps that expose data to the wrong roles, and integrations that move sensitive data outside approved systems.
3 / 5
What does 'the DLP policy prevents sensitive data leaving the organization' mean?
Low-code DLP policies (available in Power Platform, for example) classify connectors as 'business' or 'non-business/blocked' and enforce rules about which connector groups can coexist in a single flow. This prevents data exfiltration via consumer connectors.
4 / 5
What is 'the app inventory that tracks all citizen-developed apps'?
Without an inventory, organizations have 'shadow IT' in their low-code platform — hundreds of undocumented flows and apps accessing sensitive systems. A governed app inventory makes all citizen development visible, enabling risk assessment and lifecycle management.
5 / 5
What is 'governance by exception' in a citizen developer program?
Governance by exception balances agility with control. Most citizen development proceeds without friction (within guardrails). When a maker needs a blocked connector or access to sensitive data, they request an exception — reviewed by the CoE. This avoids blocking innovation while maintaining oversight of high-risk activities.