Test: Security Policies are Reviewed

Drata inspects your company records to determine if Management reviewed and approved its security policies before the renewal date.

Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Security Policies control that ensures your company has approved security policies, and that all employees accept these procedures when hired. This control also checks to make sure that Management has reviewed and approved these policies and that they are made accessible to all employees and contractors.

WHAT TO DO IF A TEST FAILS

If Drata finds that your security policies have not been approved within the last 12 months, the test will fail. With a failed test, you will receive a list of policies that are past the policy renewal date.

To remediate a failed test, notify the policy owner(s) and ask them to review each outdated policy, update its renewal date, and click 'Approve Policy'.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center page

  2. Ensure that the following policies have been uploaded and approved:

    1. Acceptable Use Policy

    2. Asset Management Policy

    3. Backup Policy

    4. Business Continuity Plan

    5. Code of Conduct

    6. Data Classification Policy

    7. Data Deletion Policy

    8. Data Protection Policy

    9. Disaster Recovery Plan

    10. Encryption Policy

    11. Incident Response Plan

    12. Information Security Policy

    13. Password Policy

    14. Physical Security Policy

    15. Responsible Disclosure Policy

    16. Risk Assessment Policy

    17. Software Development Lifecycle Policy

    18. System Access Control Policy

    19. Vendor Management Policy

    20. Vulnerability Management Policy
