Skip to main content
Policy Builder

Within Drata, we will guide you to develop your policies

Updated over a month ago

In order to prepare for an audit, there are a number of policies you will need to have in place, approved by management, and acknowledged by your employees annually.

BEFORE DIVING IN

  • Admins, information security lead, and workspace managers will have access to create, approve and update policies within Drata

  • Build or upload a policy before going to Policy Builder. To learn more, go to the Policy Center overview.

HERE'S HOW

To edit your policy, follow the next few steps.

  1. Go to the 'Policy Center' page.

  2. Select the edit icon to edit the desired policy. This will redirect you to the Policy Builder.

  3. Edit the policy on Policy Builder.

    • Note: If you uploaded a policy, you will see the uploaded PDF file of the policy.

Policy Builder overview

In Policy Builder, you can edit, manage, or review your policy details.

When changing or editing the content on Policy Builder, you might see text highlighted in yellow. The highlight text is where you can review customized details specific to your company. In addition, you will see comment bubbles on the right side of the document. These comments can indicate which framework criteria is being addressed as well as examples or tips to aid in your policy creation. You can also create comments and highlight the text as well.

Create tables in policies

You can create tables in policies.

  1. To create a table, select the table icon on the toolbar and select the desired amount of columns and rows.

  2. To customize the styling select the table, and select the desired action.

  3. Save the changes and view your policy from the Policy Center to see the new changes.

Adjust table size

If the table is overflowing when you download the PDF version of the policy, you can:

  1. Adjust the column size to change the table column from responsive to fixed. Hover over one of the column’s lines to move the width.

  2. Select the Table properties by selecting the table and selecting the table properties icon.

  3. Update the width dimensions to be 100% and save.

Add images into your policy

You can add up to 5 images into your policies. The supported image file is: JPG, SVG, and PNG and each of the image size must be less than 1 MB.

To add an image, select the image icon in the toolbar or drag and drop your image directly into the policy builder.

Select the image to customize the size or alignment.

Ensure to submit and save your policy to save any changes.

Preview your policy

To quickly preview your policy:

  1. Go to the Policy Center page.

  2. Select the preview ()icon within the table. Ensure you are on the Active policies tab.

Update Policy details

Under Policy details, you can edit or add policy details.

Select the edit icon next to Policy details. Ensure to save your changes within the drawer before submitting the policy.

  • Renewal date: Enter the renewal date under Details. To learn more, go to Policy Renewal Date.

  • Owner: Enter the personnel that need to approve the policy under Details. To learn how to approve policy go to Approving a policy.

  • Description: Enter a description for the policy under Details.

  • Disclaimer (optional): Enter a disclaimer for your policy. The disclaimer will be displayed in My Drata when your personnels acknowledge the policy.

    • My Drata view for your personnel after you enter a disclaimer:

  • Personnel groups: Select one of the choices to assign who needs to acknowledge the policy under Personnel. To learn how to review and acknowledge your company policies, go to Review and Acknowledge Company Policies.

    • All Personnel: To pass the associated monitoring test, all personnel must acknowledge the policy.

    • Specific groups: To pass the associated monitoring test, all personnel within the selected group must acknowledge the policy.

    • Policy doesn’t apply to personnel: Not required to be acknowledged. When selecting this option, ensure that you disabled any test that is associated with employee acknowledgement for this policy.

  • Linked controls: Link controls for the policy. Scroll down to LINKED CONTROLS. To learn how to link controls, go to Policy Center: Link your policies to your controls.

  • Policies replaced: Replace a Drata policy template with the current custom policy. This option is for custom policies. If your policy is a Drata template, this option will not be there.

You can view additional details about your policy.

  • Frameworks: Name of the associated framework.

  • Versions: View the current version number.

    • Select See version history and select the version you would like to view the PDF file of.

    • Select View current version to view the PDF file of the current version.

  • Created: Date when the policy was created.

  • Approved: Date when the policy was approved. If it is blank, that means it is not approved.

    • When your personnel is viewing a policy within My Drata, this approved date is displayed as the Last approved date for all policies except authored policies with non-material changes. For authored policies with non-material changes, the Last updated date is the date when the non-material change was made.

  • Last Draft: Date when the last draft was created.

Did this answer your question?