Note: If you want to update policy details like the owner or renewal date, go to View and Edit Policy Details. These instructions are specifically for editing the policy content, not policy metadata.
Editing a policy involves updating its actual content. These changes need to be classified as either material or non-material, as they affect the policy’s version and status.
Build a policy based on an auditor-approved template
Select the edit icon (
) on the Policy Center table.
If applicable, select the Start Building button.
If you choose to upload an existing policy, the uploaded policy will replace the Drata template and be used instead.
Edit your policy, enter your policy details, and map controls to your policy.
Review the highlighted areas of the policy.
Review the comment bubbles on the right side of the document. These comments are from the Drata Admin and provide guidance on which framework criteria are covered in each section of the policy. The comments also have examples or tips to aid in your policy creation.
Select the ‘Finalize draft’ button when you are finished.
Then, Policy Owner will need to approve the policy and publish the policy to make it live and visible to personnel in My Drata.
Upload one of your company policies
Note: Files can be up to 25MB.
Select the edit icon (
If applicable, select Upload an Existing Policy.
If you choose to upload an existing policy, the uploaded policy will replace the Drata template and be used instead.
If you choose Start Building, you will be directed to the editor where the Drata template is preloaded.
Review your policy, enter your policy details, and map controls to your policy.
Select the Finalize Draft button after completing the upload.
Then, Policy Owner will need to approve the policy and publish the policy to make it live and visible to personnel in My Drata.
Edit a policy
To prepare for an audit, you need policies that are approved by management and acknowledged by personnel annually.
After a policy is published, you might need to make changes to keep it accurate and up to date. To edit a published policy:
In Policy Center, select the Edit icon (
) next to the policy you want to update.
Select Edit policy, and then choose one of the following options:
Upload a File: Replace the existing policy with an updated file.
Author Policy: Modify the content directly.
Make your changes to the policy content.
Select Finalize draft.
Once you complete your edits, select Finalize draft .
Indicate if your edits include material or non-material changes.
Material changes:
Approval is required by default.
After selecting Finalize draft, the policy will go through the approval process. After you can configure if personnel acknowledgment is required.
Non-material changes:
You can choose whether approval is required:
Yes, approval is required: The policy will go through the standard approval process. After you can configure if personnel acknowledgment is required.
No, approval is not required: The policy will be published immediately after finalization.
You can choose whether this change require personnel acknowledgement.
Optionally add an explanation.
If email notifications are enabled, your explanation will be included in the email sent to personnel.
Review the confirmation modal summarizing your changes, then select Confirm or Cancel to complete the process.
The policy owner will be prompted to approve and publish the policy version and will have the option to notify their personnel about the policy change.
Renew a policy
Renewing policies ensures they remain accurate, relevant, and compliant with your organization’s framework requirements. The specific steps to renew a policy depend on your compliance program's needs. For detailed steps and guidance on renewing policies, visit Policy Renewal Date help article.