Keeping your policies up to date is essential for maintaining compliance and ensuring that employees are informed of current requirements. In Drata, each policy includes a renewal date. The policy renewal date defines when a policy must be reviewed, updated, or acknowledged again.
Policy renewals help your organization:
Conduct compliance checks for policy-related tests.
Trigger tasks on the Tasks page for upcoming policy reviews or acknowledgments.
Different compliance frameworks have different renewal requirements. Some policies only need periodic reviews, while others require personnel acknowledgment. Drata provides flexible renewal options to help you meet these requirements efficiently.
Policy Renewal Scenarios
Depending on your framework, you may need to renew a policy in one of the following ways.
Require Policy Reviews
If your framework mandates periodic reviews without personnel acknowledgment, follow these steps:
Review the policy to confirm it is accurate and up to date.
Adjust the renewal date to the next review deadline.
Select Update, then indicate that this is not a material change when prompted.
Outcome
If you are a Policy Owner, the policy remains Published, and no personnel acknowledgment is required.
If you are not a Policy Owner, you need approval from the Policy Owner and then, no personnel acknowledgment is required.
Require Policy Reviews and Personnel Acknowledgment
If your framework requires personnel to acknowledge policies on a regular cadence, follow these steps:
Review the policy to ensure it is accurate and relevant.
Adjust the renewal date to the next acknowledgment deadline.
Select Update, then indicate that this is a material change when prompted.
Send and receive approval from the Policy Owner.
Publish and notify personnel to acknowledge the updated policy.
Outcome
Personnel acknowledgment is required.
Renew a Policy Without Updates
If a policy remains valid without requiring updates, you can renew it without making changes. This option is ideal for keeping policies current while streamlining approvals.
To use renew a policy without updates, ensure the following:
The policy is in the Published state.
The policy does not have an existing Draft version.
You are the Policy Owner.
This feature is not available for policies connected to BambooHR.
After you met the previous requirements, you can renew a policy without any updates:
Navigate to the published policy.
Select Renew without updates in the header.
In the Renew without updates modal:
Select a renewal date.
Does this renewal need personnel acknowledgement?
Does this renewal need approval?
Yes, approval is needed: The policy enters Needs approval status.
No, approval is not needed: The policy is published immediately.
Select Renew to finalize the renewal.
Outcome
Creates a new minor version of the policy.
Updates the Published Date to reflect the renewal confirmation date.
This option allows you to send the policy for reapproval if needed.
Manage Policy Renewal Dates
Since every policy in Drata requires a renewal date, you can track and update renewal dates in the following ways:
Policy Center Table: The renewal date is displayed in the Policy Center table for quick reference.
Policy Details: Select a policy to view its renewal date under the Policy Details section.
When selecting the renewal date:
Many frameworks require policies to be reviewed and acknowledged annually by your personnel.
To maintain compliance and pass audits successfully, set a renewal date that gives your team sufficient time to review and acknowledge policies before the annual deadline.
Update an Overdue Renewal Date
If a policy’s renewal date is overdue and it is not in the Published status, you must update the date before making any other changes. If the renewal date is in the past, the following actions will be blocked until the renewal date is updated:
Finalizing a draft.
Approving the policy.
Saving changes to an Approved policy.
Publishing the policy.
Steps to Update the Renewal Date
Navigate to the Policy Center and select the policy.
Click the Edit button in the Policy details section.
Enter a future date for the renewal.
Select Save.
Policy Renewal and Tasks
Drata automatically generates policy-related tasks based on the renewal date. You can find these tasks on the Tasks page.
Policy Renewal and Tests
Policy-related compliance tests use the renewal date to determine whether a policy is still valid. If the renewal date is overdue, the test fails, requiring corrective action.
The following image illustrates a compliance test for the Acceptable Use Policy, ensuring the policy is in place and valid before its renewal date.