Databricks
Securely read feature tables and lineage metadata. Notebook jobs are promoted via certificate-verified deployment hooks.
Monthly verification • last run September 2025
Modes & scopes
Modes
- Read-first
- Write-gated notebook promotion
Scopes
- Workspace read via service principal
- Optional job-level write scope
Runbook highlights
Connection modes
VNet injection with no public endpoints; cluster policies enforce runtime controls.
Learning Controls
Model evaluation contracts require drift <3% versus golden sets before writes unlock.
Evidence
Certificates reference workspace IDs, cluster policy hashes, and job bundle digests.
Sample automations & evidence
Sample automations
- Validate feature drift before retraining
- Export lineage into ServiceNow risk register
Action Certificate mapping
Every certificate embeds connector identifiers, residency policy hashes, and Learning Control references so downstream systems can verify scope before allowing writes. Export verification logs to Splunk/Datadog using the trustplane.certificate_id attribute.
Need a signed runbook?
Request a signed copy of this connector runbook, DPIA, or sub-processor alignment via the security contact form. We respond within one business day and can include environment-specific attestations.