Keep the same campaign logic across channels so reporting does not split into near-duplicates.
Governance policy layer
One campaign, one meaning
No silent edits
Publish-safe only
UTM governance policy for teams and agencies
Use this page as the policy layer for campaign tracking: who owns the standard, what values are allowed, what cannot change silently, and what must be logged before a tracked link can go live.
This is not just a naming guide. It is the operating policy that keeps naming, approvals, QA, redirects, and reporting interpretation aligned after launch.
Any live URL, redirect, or parameter change must be logged with reason, owner, and approver.
Build, log, QA, test redirects, approve, then publish the exact approved URL.
Start here
What this policy actually controls
This policy exists for the moment when tracking starts to fragment because multiple people are building URLs in slightly different ways. It defines the operational rules that keep one campaign readable across channels, teams, spreadsheets, dashboards, and launch cycles.
Naming drift
People invent new campaign names, sources, and mediums without approval, so the same initiative begins to show up under multiple labels.
Silent changes
Someone edits a live URL, redirect, or spreadsheet row after launch, but nobody records what changed or why reporting shifted.
Unowned tracking
Links go live without a named owner, QA record, or approval trail, so problems surface only after money or traffic has moved.
Use this page when: your standards exist in theory, but nobody can enforce them consistently once campaigns move from planning into execution.
Scope, boundary, and accountability
The policy should say exactly where tracked links are allowed, where they are not, and who can approve them. Governance fails fastest when everybody can publish but nobody owns the standard.
Scope
- Applies to paid ads, email, affiliates, influencers, partner campaigns, QR codes, and any redirect layer used for campaign tracking.
- UTMs are required when you need campaign-level, placement-level, or partner-level reporting.
- UTMs are not used on internal navigation or anywhere they pollute attribution.
- Redirects and shorteners must preserve query parameters end to end before publish.
- If a channel uses platform IDs or auto-tagging, the interaction with UTMs must be documented in advance.
What this page is not
- Not the full naming playbook — use naming conventions for formulas and examples.
- Not the approved dictionary itself — use taxonomy design for controlled values.
- Not a one-off preflight list — use QA checklist and QA checker.
- Not your complete inventory system — use link governance and the campaign log to operationalise it.
| Role | Owns | Cannot skip |
|---|---|---|
| Requester / owner | Campaign brief, landing page, intended source/medium, timing | Cannot publish an unlogged link |
| Approver | Naming, approved values, exception decisions, launch sign-off | Cannot approve free-text drift without documenting it |
| Publisher | Posting the exact logged and approved URL | Cannot edit UTMs after QA without re-check |
| Analyst / ops owner | GA4 validation, monthly drift reviews, version log | Cannot let unknown values accumulate silently |
Agencies should pair this page with UTMs for agencies and client reporting so the handoff process stays stable across client accounts.
Hard rules that cannot drift
These are the non-negotiables. They keep the system readable even when multiple teams, clients, and channels touch the same campaign.
test, misc, campaign1, or vague social labels.utm_source and utm_medium come from approved lists only.Use the stack in order: UTM Builder → campaign log → QA Checker → Redirect Checker → approval → publish.
Naming contract and approved dictionary
The policy should enforce two controlled assets: one durable naming formula and one approved dictionary. The policy does not replace them. It tells the team what is allowed and how changes get approved.
Naming contract
Campaign names should follow one formula that works across channels, teams, and reporting views.
utm_campaign = yyyy-mm_initiative_audience_region-optional
Example: 2026-03_spring-launch_prospects_uk
Approved dictionary
utm_source and utm_medium are controlled lists, not free-text fields. Keep the list short enough to govern and specific enough to report on.
If the team keeps mixing the allowed values with the formatting pattern, use UTM taxonomy vs naming conventions to separate field ownership before anyone edits the policy.
googlefacebooktiktokklaviyopartnername
cpcpaid-socialemailaffiliateinfluencer
See taxonomy design and approved values
| Parameter | Purpose | Policy rule | Good examples |
|---|---|---|---|
utm_source | Traffic source | Approved list only | google, facebook, tiktok, klaviyo, partnername |
utm_medium | Channel type | Approved list only | cpc, paid-social, email, affiliate, influencer |
utm_campaign | Shared campaign identifier | Stable and human-readable | 2026-03_spring-launch_prospects_uk |
utm_content | Creative / placement variant | Only when it will be used | video-a, cta-top, creator-ella01 |
utm_term | Keyword / targeting detail | Use only with reporting intent | brand, retargeting, running-shoes |
Campaign log and source-of-truth requirements
A policy without a campaign log is just a nice document. Every live tracked URL should exist in one source-of-truth log before it is published.
If you need the working templates and rollout assets behind this policy, pull them from the UTM Governance Starter Kit rather than rebuilding the pack from scratch.
Minimum required fields
| Column | Why it exists | Required? |
|---|---|---|
date_created | Audit trail and change history | Yes |
owner | Who is accountable for the link | Yes |
destination_url | Clean landing page without UTMs | Yes |
final_tracked_url | The exact URL published | Yes |
utm_source, utm_medium, utm_campaign | Core reporting dimensions | Yes |
utm_content, utm_term | Optional breakdown fields | No |
approver | Who approved launch | Yes |
notes | Placements, exceptions, or platform notes | Recommended |
Source-of-truth rule
The log should hold the clean destination, the final tracked URL, the owner, the approver, and any approved exceptions. Once a link is live, the log becomes the reference point for troubleshooting.
- The published URL must exactly match the approved log entry.
- If the redirect path changes, the change belongs in the log.
- If a platform appends IDs or auto-tagging parameters, note the rule in the log.
- Use one log, not multiple half-trusted spreadsheets.
Use the campaign tracking spreadsheet or adapt it with more operational columns if needed.
Publish-safe QA gate
This is the minimum launch gate that turns a tracked URL from “probably fine” into “safe to publish.”
1
Build
Create the URL from the approved naming and dictionary rules.
2
Log
Record the exact URL, owner, approver, and destination in the source-of-truth log.
3
QA
Validate lowercase, approved values, encoding, and campaign consistency.
4
Redirect test
Confirm the path preserves UTMs end to end if any shortener or redirect layer is involved.
5
Approve
Sign off the logged version, not a slightly different copy someone pasted later.
6
Publish
Use the exact approved tracked URL and keep the published link tied to the log entry.
Minimum checks
- The destination URL matches the brief.
- UTMs are present where required and correctly encoded.
- Lowercase, hyphen, and approved-value rules are followed.
utm_campaignmatches the campaign log exactly.- Any redirect or shortener preserves parameters end to end.
- The URL is logged with owner, approver, and launch date.
Use these supporting checks
QA checklist for launch reviews, QA checker for field validation, and UTM mistakes that ruin tracking for a fast drift scan.
Change control and exceptions
Most teams break governance here. They may have naming rules, but they do not have rules for changing the rules. Your policy should define what counts as a valid change, who can approve it, and what gets logged.
Valid change requests
- A new platform or partner requires a genuinely new approved value.
- A reporting need exposes a real gap in the current dictionary.
- A campaign structure change is planned and documented before launch.
- A redirect or shortener requirement changes and must be re-tested.
Reject the request when
- The new value is only a synonym for something already approved.
- The request exists to save time rather than preserve reporting clarity.
- The campaign is already live and someone wants a silent retroactive edit.
- The team cannot explain how the new value will be used in reporting.
date · requested_by · change_type · old_value · new_value · reason · approved_by · effective_date
If you govern more than one team or client, pair this with link ownership & change control so URL changes and UTM changes stay aligned.
Reporting rules and monthly enforcement
If your policy now has to survive multiple markets, regional teams, or agency layers, step up to the wider control model in UTM governance enterprise so ownership, escalation, and exceptions stay explicit instead of drifting by habit.
Governed UTMs only matter if the same campaign logic survives across channels and inside analysis. This page should define the reporting rules and the monthly review loop that keeps them alive.
Reporting rules
- Keep the same
utm_campaignacross paid social, email, affiliates, and influencers when the initiative is the same. - Use
utm_contentfor placement or creative differences instead of changing the core campaign name. - Document how UTMs interact with auto-tagging, especially in Google Ads.
- Validate reporting using the dimensions the team actually uses in analysis.
Where UTMs show in GA4 · UTMs vs auto-tagging · Cross-platform attribution
30-day enforcement rhythm
- Export top
utm_source,utm_medium, andutm_campaignvalues. - Flag unknowns, case variants, punctuation variants, and unexplained new values.
- Confirm live links still resolve correctly and preserve UTMs.
- Update the change log and policy version if a controlled update was approved.
Escalate immediately if: one campaign appears under multiple names, source / medium values multiply without approval, redirect chains change, or GA4 fills with ambiguous campaign rows.
Maturity check: use the UTM governance assessment to spot drift before it becomes a cleanup project.
Larger teams: review enterprise governance if multiple brands, regions, or operators share the same stack.
Bad vs good examples
Good governance is obvious when the same campaign stays readable across channels. The table below shows what drift looks like in practice and what a controlled version looks like instead.
| Use case | Bad | Good |
|---|---|---|
| Email newsletter | ?utm_source=Email&utm_medium=Newsletter&utm_campaign=March Sale!!! | ?utm_source=klaviyo&utm_medium=email&utm_campaign=2026-03_spring-launch_prospects_uk |
| Paid social | ?utm_source=facebook&utm_medium=paid&utm_campaign=springsale | ?utm_source=facebook&utm_medium=paid-social&utm_campaign=2026-03_spring-launch_prospects_uk&utm_content=video-a |
| Influencer | ?utm_source=tiktok&utm_medium=influencer&utm_campaign=creator01 | ?utm_source=tiktok&utm_medium=influencer&utm_campaign=2026-03_spring-launch_prospects_uk&utm_content=creator-ella01 |
| Affiliate | ?utm_source=affiliate&utm_medium=ref&utm_campaign=partner | ?utm_source=partnername&utm_medium=affiliate&utm_campaign=2026-03_spring-launch_prospects_uk |
FAQ
Use these answers to align the policy with how campaign links behave in the real world.
Should we always use UTMs?
No. Use UTMs when you need campaign-level or partner-level reporting. Avoid them on internal navigation or anywhere they create misleading sessions.
How many approved source and medium values should we allow?
As few as you can govern. A shorter controlled list is easier to audit and keeps reporting cleaner than a long free-text dictionary.
Can we change UTMs after a campaign has launched?
Only through a logged change-control step. Silent edits create split reporting and make historic analysis unreliable.
What is the minimum publish-safe workflow?
Build the URL, log it, run QA, test redirects, get approval, then publish the exact approved link.
How do we stop naming drift over time?
Enforce one naming contract, keep source and medium on controlled lists, require a campaign log, and run a short monthly drift review.
Sources
Next routes
Treat this page as the policy layer: rules, approvals, exceptions, and monthly enforcement. Then move into the implementation assets that make the policy usable day to day.