Note: If you want to update policy details like the owner or renewal date, go to View and Edit Policy Details. These instructions are specifically for editing the policy content, not policy metadata.
Editing a policy involves updating its actual content. These changes need to be classified as either material or non-material, as they affect the policy’s version and status.
Build a policy based on an auditor-approved template
Select the edit icon () on the Policy Center table.
If applicable, select the Start Building button.
If you choose to upload an existing policy, the uploaded policy will replace the Drata template and be used instead.
Edit your policy, enter your policy details, and map controls to your policy.
Review the highlighted areas of the policy.
Review the comment bubbles on the right side of the document. These comments are from the Drata Admin and provide guidance on which framework criteria are covered in each section of the policy. The comments also have examples or tips to aid in your policy creation.
Select the ‘Finalize draft’ button when you are finished.
Then, Policy Owner will need to approve the policy and publish the policy to make it live and visible to personnel in My Drata.
Upload one of your company policies
Note: Files can be up to 25MB.
Select the edit icon () on the Policy Center table.
If applicable, select Upload an Existing Policy.
If you choose to upload an existing policy, the uploaded policy will replace the Drata template and be used instead.
If you choose Start Building, you will be directed to the editor where the Drata template is preloaded.
Review your policy, enter your policy details, and map controls to your policy.
Select the Finalize Draft button after completing the upload.
Then, Policy Owner will need to approve the policy and publish the policy to make it live and visible to personnel in My Drata.
Edit a policy
To prepare for an audit, you need to have policies in place that are approved by management and acknowledged by your personnel annually. Once your first version of the policy is published, you may need to make material changes and request personnel to re-acknowledge them.
To edit a policy:
On Policy Center, select the edit icon () next to the desired policy.
Select the Edit policy button. Then, in the drop down menu, select Upload a file or Author policy.
Upload a File: Replace the existing policy with an updated file.
Author Policy: Modify the content directly.
Once you complete your edits, select Finalize draft .
Indicate whether the changes are material or non-material, specify if approval is required, and optionally add an explanation. If email notifications are enabled, your explanation will be included in the email sent to personnel.
The policy owner will be prompted to approve and publish the policy version and will have the option to notify their personnel about the policy change.
Renew a policy
Renewing policies ensures they remain accurate, relevant, and compliant with your organization’s framework requirements. The specific steps to renew a policy depend on your compliance program's needs. For detailed steps and guidance on renewing policies, visit Policy Renewal Date help article.