All Collections
Policies
Updating a policy or creating a new version
Updating a policy or creating a new version

Material changes to policies

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

In order to prepare for your an audit, there are a number of policies you will need to have in place, approved by management, and accepted by your employees annually. Once your first version is in place, there may be a need to make a material change and ask employees to re-accept them.

BEFORE DIVING IN

Admins and information security leads will have access to create, approve and update policies within Drata.

HERE'S HOW

To make an edit to a policy, you will use the paper and pencil icon to the left of the name of the policy.

Once you complete your edits and click 'Update Policy', a modal will appear asking if the change made was a material change.

If you select that 'This is a material change', an additional modal will be shown asking for an 'Explanation of Changes'. At this point, you will also have the opportunity to review and update your policy renewal date to ensure it aligns with your company's compliance goals. IMPORTANT: If the owner opts to send an email to employees, this explanation will appear in the email.

The owner of the policy will then be prompted to 'Approve policy version?' and will be given the option to send an email notification to all employees to notify them of the changes and to log back into Drata to accept the new version. At this point, you will also have the opportunity to review and update your policy renewal date to align with your company's compliance goals.

When editing or updating a policy, you may find that you want to revert to your previous draft or start over using the latest version of a Drata policy template. Whether you’ve uploaded a file or used the policy builder template, you can revert to the latest Drata template policy or to your most recent draft.

NOTE: Drata occasionally updates the policy templates. Drata will never modify your policies and you will always have the option to use the latest version of a policy template.

WHAT DOES IT MEAN TO RENEW A POLICY

Renewing your policies can mean varying things depending on the needs of your compliance program. Here are some options for you to consider when managing a policy that is up for renewal. Some frameworks require that the policies are simply reviewed on a certain cadence. In this case, when the policy renewal date comes around, perform the following steps:

  1. Read the policy to make sure it's accurate and up to date.

  2. Adjust the renewal date for the next time a review is required

  3. Select "Update" to save your changes and elect that this is NOT a material change when prompted

Some frameworks require that your policies are reviewed AND accepted by your personnel on a certain cadence. If this in the case, perform the following steps when the renewal date comes around:

  1. Read the policy to make sure it's accurate and up to date

  2. Adjust the renewal date for the next time you need to have your employees accept the policy

  3. Select "Update" to save your changes and elect that this IS a material change

  4. Have the policy owner approve the policy

  5. Notify your personnel they need to accept the policy (or policies) through Drata or your own means

Did this answer your question?