💡 Still using the classic Drata experience? Refer to Manage Policy Renewals for the original UI.
Policy renewals help ensure your policies remain current, reviewed on time, and compliant with applicable frameworks. In Drata, every policy includes a renewal date that determines when a policy must be reviewed, updated, or acknowledged again.
Renewal dates affect compliance tests, tasks, and audit readiness, making them a key part of ongoing policy management.
Why policy renewals matter
Policy renewals help your organization:
Meet framework requirements for periodic policy review or acknowledgment
Generate tasks for upcoming policy reviews or acknowledgments
Keep policy-related compliance tests passing
Different frameworks have different renewal expectations. Some require only review, while others require personnel acknowledgment. Drata supports both scenarios.
View and update renewal dates
You can track and update renewal dates in multiple places:
Policies table: Go to the Policies page and scroll to the Renewl date column in the table.
Policy details: Open a policy and view the renewal date in the Overview tab.
If a policy’s renewal date is in the past and the policy isn’t Published, you must update the renewal date before continuing.
When a renewal date is overdue, these actions are blocked:
Finalizing a draft
Approving the policy
Saving changes to an approved policy
Publishing the policy
Update an overdue renewal date
Many frameworks require annual review or acknowledgment. Set renewal dates early enough to allow time for review, approval, and acknowledgment before deadlines.
Open Governance → Policies.
Open the policy.
In the Overview tab, select Edit in the Details section.
Enter a future renewal date.
Select Save.
Policy renewals, tasks, and compliance tests
Drata automatically creates tasks based on policy renewal dates. You can track these tasks on the Tasks page to ensure reviews and acknowledgments happen on time.
Policy renewal scenarios
Scenario 1: Personnel acknowledgments during policy renewals
Use this workflow when personnel must re-acknowledge a policy on a recurring basis (for example, annually).
What you do:
Review the policy to confirm it is still accurate.
Update the renewal date to the next acknowledgment deadline.
Publish the policy and notify personnel to acknowledge it.
Outcome:
Personnel acknowledgment is required
Compliance tests track acknowledgment status
Note about audit packages: Audit packages display acknowledgment status for the latest published version of a policy. This design ensures that audit reports reflect your organization’s current.
Since audit packages reflect the current published policy state, organizations that need to reference acknowledgment timing for an earlier version should retain exported documentation for that version as part of their audit records.
Recommended practice
Before renewing a policy with re-acknowledgment, export the relevant acknowledgment report or audit package for the current version and retain it in your audit documentation.
Scenario 2: Renew a policy without content updates
If a policy remains valid and doesn’t require changes, you can renew it without updating content.
To use this option:
The policy must be Published
No Draft version can exist
You must be the Policy Owner
Renew without updates
Open Governance → Policies.
Open the published policy.
Select Renew without updates in the header.
In the renewal modal:
Select a new renewal date.
Choose whether personnel acknowledgment is required.
Yes: The Notify personnel modal appears.
No: Acknowledgment is assumed if personnel acknowledged a previous version.
Choose whether approval is required.
Yes: The policy moves to Needs approval.
No: The policy is published immediately.
Select Renew to confirm.
Outcome
A new minor version is created
The Published date updates to the renewal confirmation date
Approval and acknowledgment occur only if selected