Skip to main content
All CollectionsPolicy Center
Create and replace a Policy with your Custom Policy
Create and replace a Policy with your Custom Policy

Upload or create your custom policy directly in Drata. Additionally, discover how to replace Drata policy templates with a custom policy.

Updated over a week ago

Drata allows you to replace its built-in policy with your custom policies, giving you flexibility to align policies with your organization's specific requirements while maintaining compliance.

BEFORE DIVING IN

  • Admins, information security leads, and workspace managers will have access to create, approve, and update policies within Drata.

  • You cannot be using an external policy manager like BambooHR or Confluence.

    • If using an external policy manager, you will see an Import External Policy button rather than a Create Custom Policy button.

Replacing a policies

When you replace a Drata template policy with a custom policy, the replacement takes effect immediately, even if the custom policy is unpublished. You can only replace a built-in policy with a custom policy. To revert and restore the original built-in policy, refer to Restore Replaced Policies.

Here’s is what happens when you replace a policy:

  • Automatic control and test mapping: Replacing a built-in policy provided by Drata automatically transfers all control mappings and monitoring tests.

    • If the custom policy is not published, the controls may be marked as “Not Ready”.

  • Archived policy: The replaced policy is automatically archived.

  • Unpublished Policies: You can use unpublished custom policies to replace a built-in policy, but this may result in controls being marked as “Not Ready” until the custom policy is finalized and published.

  • SLAs (Service Level Agreements): If the policy being replaced has SLAs, you may need to configure additional settings during the replacement process to ensure compliance.

Create and replace a policy

To replace a policy in Drata, you must first create a custom policy. During the policy creation process, you’ll have the option to select which Drata template policy you’d like to replace.

Step 1: Navigate to the Policy Center

Go to the Policy Center page and select Create Custom Policy to begin creating your custom policy.

Step 2: Provide Policy Details

Provide details for your custom policy in the drawer.

  • Policy Source:

    • Upload policy: Select and upload a file from your computer (up to 25MB).

    • Author policy in Drata: Use Drata’s built-in editor to create and finalize your policy, after filling out the rest of the details in the drawer.

  • Details: Enter policy details such as name, description, renewal date, owner of the policy, and disclaimer.

Step 3: Select personnel groups

You must also choose who will acknowledge this policy or if it does not apply to personnel.

Step 4: Replace Drata policies (optional)

Select policies to replace.

A modal will appear with a list of policies eligible for replacement. Select the policy you want to replace.

SLA Settings:

  • If the selected policy has Service Level Agreements (SLAs), additional settings will appear in the modal for configuration.

After you’re done filling out the required fields, select Create.

Next steps: Author Policy in Drata

Note: If you selected Upload policy as the policy source, the file is uploaded and created without further action needed.

If you choose to Author Policy in Drata, you’ll be directed to Drata’s built-in editor to draft and finalize the policy. You can also have the ability to upload a custom policy file as well.

Additional resources

Did this answer your question?