Effective policy management is essential for maintaining compliance and operational efficiency within an organization. This guide provides an overview of policy statuses and detailed steps for approving and publishing policies in Drata.
Prerequisites
Policy Owners can approve and publish policies.
Policies must be approved before they can be published. To learn more about policy status, go to Policy Center overview.
Approve and publish a policy
Navigate to the Policy Center. If needed, filter the table by: Needs Approval status and Policy Owner (set it to yourself).
Select the policy from the table.
Select the Approve button. The policy is now marked as Approved and ready for publishing.
After approval, select the Publish button to make the policy live.
The policy will now appear in My Drata for personnel acknowledgment and will impact monitoring tests and compliance.
Decide how you want to notify personnel about the new or updated policy. You can either send it out yourself or send out email notifications through Drata.
Note: If a policy was previously published and the update is not a material change, personnel acknowledgment is not required for the update.
Edit your approved or published policies
You can edit policies in the Approved or Published statuses, but there are specific rules to follow in order to ensure compliance and proper version control.
Editing Rules by Status
To learn more about policy status, go to Policy Center overview. To learn more about editing your policies, go to Edit your policies.
Based on the policy status, the following table indicates who can edit the policy with additional notes.
Policy Status | Who Can Edit | Additional Notes |
Needs Approval | No one | Policies in this status are locked and cannot be edited. |
Approved | Only Policy Owners | Edits must be made by the Policy Owner and require selecting material or non-material changes. |
Published | Anyone | Edits create a new Draft version, moving the policy to the Draft status. |