Drata's Policy Center includes several policy templates; however, you may want to use your own policy. You can replace Drata’s policies with your own custom policy.

Note: When replacing our Drata policy with a custom policy, the existing control mapping is not removed.

Admins, information security leads, and workspace managers will have access to create, approve, and update policies within Drata.

You cannot be using an external policy manager like BambooHR or Confluence. If using an external policy manager, you will see an Import External Policy button rather than a Create Custom Policy button.

Navigate to the Policy Center page and select Create Custom Policy.

Within the drawer, enter the required information including policy source, details, and personnel.

Next, select the Select policies button to choose which Drata policy templates to replace.

Select the policies to replace.

If one of the policies selected requires affirmation of the policy content, a modal with an affirmation checkbox is displayed. You’ll need to affirm the policy content before continuing.

And if a selected policy is also associated with Service Level Agreement (SLA) settings, the modal will also include SLA settings for you to configure. After entering your SLA settings, continue.

After you’re done filling out the required fields, select Create.

Want to restore replaced policies? Learn more here.