Data & AI on Databricks · Governed Data Platform

Anyone can hold the data. The question is whether you can prove who touched it.

We build governed data platforms on Databricks with Unity Catalog at the core — one set of access controls, column-level lineage and a full audit trail across every table, dashboard and AI agent. Plus real-time analytics on Databricks SQL. When a customer's risk team or a regulator asks where a number came from and who could see it, you have the answer, not a project to go find it.

Unity Catalog · Column-level lineage · Databricks SQL · ISO/IEC 27001:2022
Unity Catalog — the control planeAccessLineageAudit
every consumer passes through the controls
Governed data — tables, files, models no ungoverned copy
People & BIData ScienceAI Agents
Why it matters

Governance falls apart in the gaps between systems.

Most organisations don't lack governance policies. They lack governance that's actually enforced at the point the data is used — and every gap between a warehouse, a lake, a BI tool and an AI model is a place where the policy and the reality drift apart.

01Permissions live in five places

One set of rules in the warehouse, another in the lake, a third in the BI tool, a fourth wherever the AI runs. Nobody can say, in one place, who can see what.

02"Where did this number come from?"

The question that ends meetings. Without lineage, tracing a figure on a dashboard back to its source is archaeology — days of work, and you're still not sure.

03The audit trail doesn't exist

Who accessed the customer table last quarter? If the honest answer is "we'd have to reconstruct it," you're not ready for the audit that's coming.

04Governance stops at the tables

Even well-governed data becomes ungoverned the moment an AI agent reads a copy of it. The controls have to reach the model, or they don't count.

What we do

One catalog, over everything.

Access control

One place to decide who can see and do what — down to the row and the column — across every table, view and dashboard. Fine-grained, attribute-based, and the same whether the reader is a person, a query or an agent.

Person · query · agent — one rule

Lineage

Automatic, column-level lineage from source to dashboard. Every field traces back to where it came from and forward to everything it feeds — so "where did this come from?" is a click, not a project.

Source → dashboard, captured automatically

Audit

A complete, queryable record of who accessed what, when, and how. The trail an auditor asks for first — already there, not reconstructed under pressure.

Who · what · when — already queryable

Real-time analytics

Databricks SQL serving governed data to your BI and your analysts at warehouse speed — the same governed tables, queried live, with none of the controls left behind.

Governed tables, queried live
How it works

One control plane over data, analytics and AI.

Unity Catalog sits above everything — the raw tables, the curated tables, the dashboards, the notebooks and the agents — and governs them from one place. Every consumer, human or machine, goes through the same set of controls. There is no side door where an AI model reads an ungoverned copy, because there is no ungoverned copy.

Unity Catalog — the control plane
Access controlLineageAuditDiscovery & tags
every arrow below passes through the controls above — no side door
Governed data · on the Lakehouse
Bronze / Silver / GoldTables & viewsFiles & volumesModels & features
every consumer authenticates & is authorised by the same catalog
People & BI
analysts, dashboards, Databricks SQL, Power BI
Data Science
notebooks, jobs, feature pipelines
AI Agents
AgentBricks — governed at the same controls, no copy

The AI agent is governed by the same catalog as the analyst. That's the part no one else closes.

Databricks product boundary shown for clarity; we design, implement and operate the governance model on it.

Permission walk-through — pick a role, see what it can reach
The click, not the project

Every number, traced from source to screen.

Column-level lineage is captured automatically as data moves through the platform. Pick any field on any dashboard and you can walk it backwards to the exact source columns it came from, and forwards to everything downstream that depends on it. When a source changes, you know instantly what breaks. When an auditor asks where a figure originated, you show them the graph.

Source / BronzeSilver — conformedGold — curatedDashboard metric

Click any node to light its lineage. Click Q3 Revenue for the auditor's answer; a source column for the engineer's. Toggle impact, or mark fx.rate changed to see what breaks.

How this fits with AI Governance

The method decides. The platform enforces.

Our AI Governance practice and this platform are two halves of one answer, and it's worth being precise about which is which — because a serious buyer will ask, and most vendors blur it. One is a way of working. The other is a technical control that makes the way of working real.

AI GovernanceThe method — decides what should be trueGoverned Data PlatformThe mechanism — makes it enforced
Decides what should be true. Nine-phase lifecycle, risk tiering, evidence packs, a signed go/no-go verdict.Makes it technically enforced. Unity Catalog grants, masking, lineage and audit — the controls the method assumes exist.
Answers "is this AI system fit to ship, and can we prove it?"Answers "who can actually see this data, where did it come from, and who touched it?"
Maps to the EU AI Act, NIST AI RMF and ISO 42001.Provides the access, lineage and audit evidence those frameworks require.
Portable — runs on any stack.Native — runs on Databricks, where your data already lives.
Together

A policy you can't enforce is a wish. A control with no policy behind it is a setting.

You need both, and they're stronger together than apart: the method tells the platform what to enforce, and the platform gives the method its evidence. Buy the platform here; bring the method from the AI Governance practice. Neither is complete alone.

The stack

What the governance layer is built from.

Unity Catalog at the centre, with the serving, security and integration tools around it. A sample across the layers:

Unity Catalog and its native capabilities lead; integrations (Purview, Collibra, Atlan, Great Expectations) are shown because we federate with an enterprise catalog you already run rather than rip it out. A representative stack — we trim to what your team implements.

In production

Governed end to end — in production today.

In production

A large automotive supplier

The governed ETL we built feeding this supplier's live BI runs on exactly this control plane — access, lineage and audit under one catalog, data an analyst and an auditor can both trust. On the insurance side, intelligent document processing over ACORD forms and policy records, governed the same way. Governance that's operating in production, not a slide about governance.

Why Focaloid for governed data

We govern the data because we build on it, and build AI on top of it.

We build the platform we govern

The same team that designs your Lakehouse sets up its governance — so access, lineage and audit are designed in from the first table, not retrofitted by a separate team who didn't build it.

Governance that reaches the AI

Because we build agents on AgentBricks too, we govern the whole path — the same catalog controls the analyst's query and the agent's context. Most vendors govern the tables and lose the model.

Method and mechanism, one house

Our AI Governance practice brings the framework; this platform enforces it. You get the policy and the control from one partner who makes them fit together, instead of a consultancy and a tools vendor who don't talk.

Built to a real security bar

ISO/IEC 27001:2022 certified, working to the access and audit discipline a European risk review actually tests — not governance theatre.

Partners & Certifications
Databricks PartnerClaude Partner NetworkISO/IEC 27001:2022 Certified
Who it's for

Built for teams who'll be asked to prove it.

A customer's security review wants to know exactly who can see their data. We can't answer cleanly.

Our data access grew organically and now no one can tell me who has access to what.

An auditor asked for a year of access logs and we had to go build them.

We govern our warehouse well — and then our AI reads a copy nobody's watching.

Someone changed a source table and three dashboards broke before we noticed.

We need one place to prove data governance, not five consoles that half-agree.

Usually a CDO, Head of Data Governance or Data Platform, a CISO, a DPO, or a CTO whose customers run hard security reviews — in the US, Europe and APAC.

Where this leads

The control plane connects both ways.

Common questions

Before you book.

How is this different from your AI Governance page?

AI Governance is the method — a nine-phase lifecycle, risk tiering and evidence packs that decide whether an AI system is fit to ship. This is the mechanism — the Unity Catalog controls that technically enforce who can see what and prove where data came from. The method decides; the platform enforces. You need both, and we do both.

Do we have to rip out our existing data catalog?

No. Unity Catalog can federate with an enterprise catalog you already run — Purview, Collibra, Atlan — so it governs your Databricks estate without forcing a rip-and-replace of your wider cataloguing. Where it makes sense to consolidate, we'll say so.

Does the governance actually reach our AI, or just the tables?

It reaches the AI. Because agents built on AgentBricks authenticate through the same catalog, they're subject to the same access controls and masking as a human user — and their access is in the same audit log. That's the whole point of doing data governance and AI in one platform.

Is the lineage automatic or do we maintain it?

Automatic. Unity Catalog captures column-level lineage as data flows through queries and pipelines — you don't hand-maintain a mapping. That's what makes "where did this come from?" a click instead of a project.

Can we do row- and column-level security, not just table access?

Yes — row filters, column masks and attribute-based policies, so the same table shows different things to different users. A support agent sees masked PII; a compliance officer sees it in full; an AI agent sees only what it's cleared for.

What does an auditor actually get?

A complete, queryable access history — who accessed what, when, from where — plus the lineage graph showing how any figure was derived. The two things an audit asks for first, already there rather than reconstructed under deadline.

Which cloud, and does this work with what we have?

Databricks on AWS, Azure or GCP. It governs the data on the Lakehouse and integrates outward to your BI tools and enterprise catalog, so it fits into your estate rather than replacing it.

The next step

Find out what you could actually prove today.

Start with a governance readiness review — we'll look at how access, lineage and audit work across your data and your AI right now, where the gaps are, and what a Unity Catalog control plane would close. The fastest way to know how you'd do in a customer's security review before they run it.

Unity Catalog · Column-level lineage · Databricks SQL · ISO/IEC 27001:2022
Book a discovery call