Skip to main content

View and edit a policy (New Experience)

This article explains who can edit a policy, how to make updates, and how approvals and versioning work in the new experience.

Updated this week

💡 Still using the classic Drata experience? Refer to View and Edit a Policy for the original UI.

Use the Policies page to view and update policy content, details, and versions while preserving approval history and audit readiness. What you can edit depends on the policy’s current status.

Who can edit a policy

Editing permissions depend on the policy’s status.

Policy status

Who can edit

What happens

New (aka Draft state)

Anyone

Fully editable until finalized.

Needs approval

No one

Locked during review. Approvers can approve or request changes.

Approved

Policy Owner

Editing creates a new version and requires classifying the change.

Published

Anyone

Editing creates a new draft. The published version remains active until replaced.

Step 1: Start editing a policy

  1. Open Governance → Policies.

  2. Locate the policy you want to update.

  3. Start editing in either of the following ways:

    • Select the ellipsis (⋯) and choose Edit policy, or

    • Select the policy to open it, then use the available tabs to make updates

Editing is available only when the policy is in an editable status.

Step 2: Update policy content

You can update policy content in either of the following ways:

  • Upload a file: Replace the policy using a supported file type: PDF, DOCX, ODT, XLSX, ODS, PPTX, or ODP (maximum 25 MB).

  • Author in Drata: Edit the policy directly in the editor. Highlight text and add comments to provide context or request feedback.

Step 3: Finalize and classify changes

After you finish editing:

  1. Select Finalize draft.

  2. Choose how to classify the update.

Material changes

Use this option when the update affects the policy’s intent or scope.

  • Approval is required

  • The policy status changes to Needs approval

  • Approvers are notified based on configured approval tiers

  • The policy can be published after all approvals are complete

Non-material changes

Use this option for minor wording or formatting updates.

  • Approval can be skipped

  • The policy can be published immediately by a Policy Owner

  • You can choose whether personnel acknowledgment is required

Step 4: Explain your changes

Use the Explanation of changes field to describe what was updated. This explanation appears in:

  • Notifications sent to approvers

  • Emails sent to personnel (if notifications are enabled)

  • The policy’s version history

Clear explanations support audits and internal review.


Update policy details

Use the Overview tab to update policy metadata. You can edit:

  • Name (custom policies only)

  • Renewal date (required before publishing; triggers reminders and monitoring)

  • Description

  • Disclaimer (shown to personnel during acknowledgment)

  • Personnel groups (who must acknowledge the policy)

  • Policies replaced (override selected Drata templates)

The following fields are view-only:

  • Linked controls

  • Frameworks (derived from linked controls)


View version history

The Version history tab shows all current and previous versions of the policy, including:

  • Version number

  • Explanation of changes

  • Policy Owners

  • Creation date

  • Approval date

  • Published date

From the actions menu, you can download a version as a PDF or view approval history when available. Version history helps demonstrate change management and approval controls during audits.

Did this answer your question?