💡 Still using the classic Drata experience? Refer to View and Edit a Policy for the original UI.
Use the Policies page to view and update policy content, details, and versions while preserving approval history and audit readiness. What you can edit depends on the policy’s current status.
Who can edit a policy
Editing permissions depend on the policy’s status.
Policy status | Who can edit | What happens |
New (aka Draft state) | Anyone | Fully editable until finalized. |
Needs approval | No one | Locked during review. Approvers can approve or request changes. |
Approved | Policy Owner | Editing creates a new version and requires classifying the change. |
Published | Anyone | Editing creates a new draft. The published version remains active until replaced. |
Step 1: Start editing a policy
Open Governance → Policies.
Locate the policy you want to update.
Start editing in either of the following ways:
Select the ellipsis (⋯) and choose Edit policy, or
Select the policy to open it, then use the available tabs to make updates
Editing is available only when the policy is in an editable status.
Step 2: Update policy content
You can update policy content in either of the following ways:
Upload a file: Replace the policy using a supported file type: PDF, DOCX, ODT, XLSX, ODS, PPTX, or ODP (maximum 25 MB).
Author in Drata: Edit the policy directly in the editor. Highlight text and add comments to provide context or request feedback.
Step 3: Finalize and classify changes
After you finish editing:
Select Finalize draft.
Choose how to classify the update.
Material changes
Use this option when the update affects the policy’s intent or scope.
Approval is required
The policy status changes to Needs approval
Approvers are notified based on configured approval tiers
The policy can be published after all approvals are complete
Non-material changes
Use this option for minor wording or formatting updates.
Approval can be skipped
The policy can be published immediately by a Policy Owner
You can choose whether personnel acknowledgment is required
Step 4: Explain your changes
Use the Explanation of changes field to describe what was updated. This explanation appears in:
Notifications sent to approvers
Emails sent to personnel (if notifications are enabled)
The policy’s version history
Clear explanations support audits and internal review.
Update policy details
Use the Overview tab to update policy metadata. You can edit:
Name (custom policies only)
Renewal date (required before publishing; triggers reminders and monitoring)
Description
Disclaimer (shown to personnel during acknowledgment)
Personnel groups (who must acknowledge the policy)
Policies replaced (override selected Drata templates)
The following fields are view-only:
Linked controls
Frameworks (derived from linked controls)
View version history
The Version history tab shows all current and previous versions of the policy, including:
Version number
Explanation of changes
Policy Owners
Creation date
Approval date
Published date
From the actions menu, you can download a version as a PDF or view approval history when available. Version history helps demonstrate change management and approval controls during audits.