Custom Policies

Upload your custom policies or use our built-in editor. Additionally, discover how to replace Drata policy templates with a custom policy.

Updated over 4 months ago

To prepare for an audit, you need to have several management-approved policies acknowledged by your employees. Many companies also want to add further policies to Drata for centralized management. While Drata's Policy Center includes several policy templates, you may prefer to use your own. You can replace Drata’s policies with your custom policies.

Prerequisite

  • Admins, information security leads, and workspace managers will have access to create, approve, and update policies within Drata.

  • You must not be using an external policy manager like BambooHR or Confluence. If you are using an external policy manager, you will see an Import External Policy button rather than a Create Custom Policy button.

Create custom policy

  1. Navigate to the Policy Center page and select Create Custom Policy.

  2. Choose a Policy source.

    • Upload policy: Select a file from your computer (up to 25MB). If the PDF has a title, it will be displayed.

      • If there is no title within the PDF, the filename does not change.

      • If there is a title within the PDF, the filename becomes the title.

    • Author policy in Drata: Use Drata’s built-in editor to draft and edit your new policy.

  3. Enter Required Details. Fill in policy details, personnel, and whether you would like to replace a Drata policy.

Replace Drata policy with custom policy (Optional)

Note: When you replace a Drata policy with a custom policy, the existing control mapping is not removed.

  1. Select the Select policies button under Replace Drata policies (optional).

  2. Select the policies to replace.

  3. Affirm Policy Content (if applicable).

    • If one of the policies selected requires affirmation, a modal with an affirmation checkbox is displayed. You’ll need to affirm the policy content before continuing.

  4. Configure SLA Settings (if applicable).

    • If a selected policy is also associated with Service Level Agreement (SLA) settings, the modal will also include SLA settings for you to configure. After entering your SLA settings, continue.

Finalize the custom policy: Authored Policy

Note: If you selected Upload policy as the policy source, the file is uploaded and created without further action needed.

After selecting Create, if you selected Author policy in Drata as the policy source, you'll be directed to the policy editor to create and edit your custom policy.

Once you're done, enter the policy renewal date on the right-hand side before submitting the policy.

  • Renewal dates are crucial for automated tests and tasks to help keep you on track with compliance goals. Many frameworks require annual review/approval of policies, so select a date that meets your compliance needs.

You’ll generally need to maintain policies the same way you created them. The exception: if you author a policy using Drata, you can switch to uploading a file for a future version.

Approve custom policy

Approving a policy allows the personnel you marked in-scope to acknowledge the policy.

  1. Once you create your policy, you’ll find it in Policy Center.

  2. The policy owner will need to approve the policy before it takes effect. Learn more at Policy approval, renewal, and updates.
