You can edit a policy in Drata to keep it accurate, aligned with frameworks, and ready for audits. Editing includes updating the policy content, metadata (like owner or renewal date), and tracking changes through version history. What you can edit depends on the policy’s status.
This article walks you through editing policy content, changing policy details, and understanding approval and versioning rules.
Who Can Edit and When
Policy status | Who can edit | Details |
Draft | Anyone | Fully editable until finalized. |
Needs approval | No one | Locked during review. Only approvers can approve or request changes. |
Approved | Policy owner only | Editing creates a new version. |
Published | Anyone | Editing creates a new draft. |
Start editing a policy
Go to the Policy Center.
Find the policy you want to update.
Select the edit icon (
) to open the policy detail page.
Choose Edit policy to begin making changes.
Editing is only available when the policy is in an editable status. Refer to the table above for details.
Choose how to update the content
You can update policy content using one of two methods:
Upload a file: Replace the policy with a supported file type: PDF, DOCX, ODT, XLSX, ODS, PPTX, or ODP. The file cannot be higher than 25MB.
Author policy: Edit the policy directly. Highlight text and use the comment icon to add notes or context.
Finalize the draft
After updating the policy content:
Select Finalize draft.
Choose whether the change is material or non-material.
Material changes
Approval is required.
The policy status changes to Needs approval.
Approvers are notified based on the approval tiers.
The policy becomes available for publishing after all required approvals.
Non-material changes
Choose whether to require approval.
If approval is skipped, the policy is ready for publishing immediately. You can also choose whether personnel acknowledgment is required.
Explanation of changes
Use this field to describe what was updated in the policy. The explanation appears in:
The email sent to personnel when you choose to notify them
The notification shown to approvers
The policy’s version history
Header
At the top, you'll find a summary with the following details:
Name | Description |
Version # | Displays the policy's version number. |
Policy Status | Shows the current status of the policy: Draft, Needs approval, Approved, and Published. |
Creation Date | The date the policy was first created. |
Approval Date | The date the policy was approved. If approval was not required, it shows "No approval required". If there is an approval date, it will be a blank dash. |
Published Date | The date the policy was published and became live. |
Update policy details
Use the Details section in the Overview tab to update metadata.
Field | Description |
Name | Editable for custom policies. |
Renewal date | Required before finalizing or publishing. Triggers reminders and monitoring. |
Description | Summary of what the policy covers. |
Disclaimer (Optional) | Shown to personnel when they acknowledge a policy in My Drata. |
Personnel groups | Determines who must acknowledge the policy. |
Policies replaced | Overrides selected Drata templates. |
These fields are displayed in the Details section but cannot be edited directly:
Field | Description |
Linked controls | Shows which controls are associated with the policy. |
Frameworks | Shows frameworks connected to the policy based on linked controls. |
Version History Tab
The Version History tab tracks all past and current versions of the policy, providing transparency and ensuring compliance.
The table includes the following information:
Column | Description |
Version | The version number of the policy. |
Explanation of Changes | A summary of the changes made to the policy. If no explanation is provided, it shows "No explanation of changes was added." |
Policy Owners | The names of the policy owners responsible for the policy. |
Creation Date | The date the version was created. |
Approval Date | The date the version was approved. |
Published Date | The date the version was published. |
Ellipses ( | Provides options to download the policy version as a PDF or, if available, view its approval history. |
)