In order to prepare for an audit, there are a number of policies you will need to have in place, approved by management, and acknowledged by your employees annually.
BEFORE DIVING IN
Admins, information security lead, and workspace managers will have access to create, approve and update policies within Drata
Build or upload a policy before going to Policy Builder. To learn more, go to the Policy Center overview.
HERE'S HOW
To edit your policy, follow the next few steps.
Go to the 'Policy Center' page.
Select the edit icon to edit the desired policy. This will redirect you to the Policy Builder.
Edit the policy on Policy Builder.
Note: If you uploaded a policy, you will see the uploaded PDF file of the policy.
Policy Builder overview
In Policy Builder, you can edit, manage, or review your policy details.
When changing or editing the content on Policy Builder, you might see text highlighted in yellow. The highlight text is where you can review customized details specific to your company. In addition, you will see comment bubbles on the right side of the document. These comments can indicate which framework criteria is being addressed as well as examples or tips to aid in your policy creation. You can also create comments and highlight the text as well.
Create tables in Policies
You can create tables in policies.
To create a table, select the table icon on the toolbar and select the desired amount of columns and rows.
To customize the styling select the table, and select the desired action.
Save the changes and view your policy from the Policy Center to see the new changes.
Adjust table size
If the table is overflowing when you download the PDF version of the policy, you can:
Adjust the column size to change the table column from responsive to fixed. Hover over one of the column’s lines to move the width.
Select the Table properties by selecting the table and selecting the table properties icon.
Update the width dimensions to be 100% and save.
Update Policy details
Under Policy details, you can edit or add policy details. Select the edit icon next to Policy details.
Renewal date: Enter the renewal date under Details. To learn more, go to Policy Renewal Date.
Owner: Enter the personnel that need to approve the policy under Details. To learn how to approve policy go to Approving a policy.
Description: Enter a description for the policy under Details.
Personnel groups: Select one of the choices to assign who needs to acknowledge the policy under Personnel. To learn how to review and acknowledge your company policies, go to Review and Acknowledge Company Policies.
All Personnel: To pass the associated monitoring test, all personnels must acknowledge the policy.
Specific groups: To pass the associated monitoring test, all personnels within the selected group must acknowledge the policy.
To learn how to set up groups, go to Group-Based Policy.
Policy doesn’t apply to personnel: Not required to be acknowledged. When selecting this option, ensure that you disabled any test that is associated with employee acknowledgement for this policy.
Linked controls: Link controls for the policy. Scroll down to LINKED CONTROLS. To learn how to link controls, go to Policy Center: Link your policies to your controls.
Policies replaced: Replace a Drata policy template with the current custom policy. This option is for custom policies. If your policy is a Drata template, this option will not be there.
You can also view additional details about your policy.
Frameworks: Name of the associated framework.
Versions: View the current version number.
Select See version history and select the version you would like to view the PDF file of.
Select View current version to view the PDF file of the current version.
Created: Date when the policy was created.
Approved: Date when the policy was approved. If it is blank, that means it is not approved.
Last Draft: Date when the last draft was created.