In order to prepare for an audit, there are a number of policies you will need to have in place, approved by management, and acknowledged by your employees annually.
BEFORE DIVING IN
Admins, information security lead, and workspace managers will have access to create, approve and update policies within Drata
Build or upload a policy before going to Policy Builder. To learn more, go to the Policy Center overview.
HERE'S HOW
To edit your policy, follow the next few steps.
Go to the 'Policy Center' page.
Select the edit icon to edit the desired policy. This will redirect you to the Policy Builder.
Edit the policy on Policy Builder.
Note: If you uploaded a policy, you will see the uploaded PDF file of the policy.
Policy Builder overview
In Policy Builder, you can edit, manage, or review your policy details.
When changing or editing the content on Policy Builder, you might see text highlighted in yellow. The highlight text is where you can review customized details specific to your company. In addition, you will see comment bubbles on the right side of the document. These comments can indicate which framework criteria is being addressed as well as examples or tips to aid in your policy creation. You can also create comments and highlight the text as well.
Create tables in policies
You can create tables in policies.
To create a table, select the table icon on the toolbar and select the desired amount of columns and rows.
To customize the styling select the table, and select the desired action.
Save the changes and view your policy from the Policy Center to see the new changes.
Adjust table size
If the table is overflowing when you download the PDF version of the policy, you can:
Adjust the column size to change the table column from responsive to fixed. Hover over one of the column’s lines to move the width.
Select the Table properties by selecting the table and selecting the table properties icon.
Update the width dimensions to be 100% and save.
Add images into your policy
You can add up to 5 images into your policies. The supported image file is: JPG, SVG, and PNG and each of the image size must be less than 1 MB.
To add an image, select the image icon in the toolbar or drag and drop your image directly into the policy builder.
Select the image to customize the size or alignment.
Ensure to submit and save your policy to save any changes.
Preview your policy
Before submitting and saving the changes you made in your policy, you can preview a PDF version of the changes you made.
Select Actions and then PDF preview and select the download PDF file.
Update Policy details
Under Policy details, you can edit or add policy details.
Select the edit icon next to Policy details. Ensure to save your changes within the drawer before submitting the policy.
Renewal date: Enter the renewal date under Details. To learn more, go to Policy Renewal Date.
Owner: Enter the personnel that need to approve the policy under Details. To learn how to approve policy go to Approving a policy.
Description: Enter a description for the policy under Details.
Disclaimer (optional): Enter a disclaimer for your policy. The disclaimer will be displayed in My Drata when your personnels acknowledge the policy.
Personnel groups: Select one of the choices to assign who needs to acknowledge the policy under Personnel. To learn how to review and acknowledge your company policies, go to Review and Acknowledge Company Policies.
All Personnel: To pass the associated monitoring test, all personnel must acknowledge the policy.
Specific groups: To pass the associated monitoring test, all personnel within the selected group must acknowledge the policy.
To learn how to set up groups, go to Group-Based Policy.
Policy doesn’t apply to personnel: Not required to be acknowledged. When selecting this option, ensure that you disabled any test that is associated with employee acknowledgement for this policy.
Linked controls: Link controls for the policy. Scroll down to LINKED CONTROLS. To learn how to link controls, go to Policy Center: Link your policies to your controls.
Policies replaced: Replace a Drata policy template with the current custom policy. This option is for custom policies. If your policy is a Drata template, this option will not be there.
You can view additional details about your policy.
Frameworks: Name of the associated framework.
Versions: View the current version number.
Select See version history and select the version you would like to view the PDF file of.
Select View current version to view the PDF file of the current version.
Created: Date when the policy was created.
Approved: Date when the policy was approved. If it is blank, that means it is not approved.
When your personnel is viewing a policy within My Drata, this approved date is displayed as the Last approved date for all policies except authored policies with non-material changes. For authored policies with non-material changes, the Last updated date is the date when the non-material change was made.
Last Draft: Date when the last draft was created.