Skip to main content

Manage Policy Renewals

Manage your policy compliance schedule by setting and maintaining renewal dates.

Updated over a month ago

Keeping your policies up to date is essential for maintaining compliance and ensuring that employees are informed of current requirements. In Drata, each policy includes a renewal date. The policy renewal date defines when a policy must be reviewed, updated, or acknowledged again.

Policy renewals help your organization:

  • Conduct compliance checks for policy-related tests.

  • Trigger tasks on the Tasks page for upcoming policy reviews or acknowledgments.

Different compliance frameworks have different renewal requirements. Some policies only need periodic reviews, while others require personnel acknowledgment. Drata provides flexible renewal options to help you meet these requirements efficiently.

Policy Renewal Scenarios

Depending on your framework, you may need to renew a policy in one of the following ways.

Require Policy Reviews

If your framework mandates periodic reviews without requiring personnel acknowledgment, you can update the renewal date without making policy content changes.

  1. Review the policy to confirm it is accurate and up to date.

  2. Update the renewal date to the next review deadline.

Outcome

  • If you are a Policy Owner, the policy remains Published, and no personnel acknowledgment is required.

Require Policy Reviews and Personnel Acknowledgment

If your framework requires personnel to acknowledge policies on a regular cadence, follow these steps:

  1. Review the policy to ensure it is accurate and relevant.

  2. Adjust the renewal date to the next acknowledgment deadline.

  3. Select Update.

  4. Publish and notify personnel to acknowledge the updated policy.

Outcome

  • Personnel acknowledgment is required.

Renew a Policy Without Updates

If a policy remains valid without requiring updates, you can renew it without making changes. This option is ideal for keeping policies current while streamlining approvals.

To renew a policy without updates, ensure the following:

  • The policy is in the Published state.

  • The policy does not have an existing Draft version.

  • You are the Policy Owner.

  • This feature is not available for policies connected to BambooHR.

After you’ve met the above requirements, you can renew a policy without any updates:

  1. Navigate to the published policy.

  2. Select Renew without updates in the header.

  3. In the Renew without updates modal:

    • Select a renewal date.

    • Does this renewal need personnel acknowledgement?

      • YES, personnel acknowledgement is needed: The Notify personnel modal appears.

      • NO, personnel acknowledgement is not needed: Acknowledgment is assumed if personnel acknowledged a previous version.

    • Does this renewal need approval?

      • Yes, approval is needed: The policy enters Needs approval status.

      • No, approval is not needed: The policy is published immediately.

  4. Select Renew to finalize the renewal.

Outcome

  • Creates a new minor version of the policy.

  • Updates the Published Date to reflect the renewal confirmation date.

  • This option allows you to send the policy for reapproval if needed.

Manage Policy Renewal Dates

Since every policy in Drata requires a renewal date, you can track and update renewal dates in the following ways:

  • Policy Center Table: The renewal date is displayed in the Policy Center table for quick reference.

  • Policy Details: Select a policy and then ensure you are on the Overview tab to view its renewal date.

When selecting the renewal date:

  • Many frameworks require policies to be reviewed and acknowledged annually by your personnel.

  • To maintain compliance and pass audits successfully, set a renewal date that gives your team sufficient time to review and acknowledge policies before the annual deadline.

Update an Overdue Renewal Date

If a policy’s renewal date is overdue and it is not in the Published status, you must update the date before making any other changes.

If the renewal date is in the past, the following actions will be blocked until the renewal date is updated:

  • Finalizing a draft.

  • Approving the policy.

  • Saving changes to an Approved policy.

  • Publishing the policy.

Steps to Update the Renewal Date

  1. Navigate to the Policy Center

  2. Select the policy.

  3. Click the Edit button under the Details section within the Overview tab.

  4. Enter a future date for the renewal.

  5. Select Save.

Policy Renewal and Tasks

Drata automatically generates policy-related tasks based on the renewal date. You can find these tasks on the Tasks page.

Policy Renewal and Tests

Policy-related compliance tests use the renewal date to determine whether a policy is still valid. If the renewal date is overdue, the test fails, requiring corrective action.

The following image illustrates a compliance test for the Acceptable Use Policy, ensuring the policy is in place and valid before its renewal date.

Related Articles
Test: Backup Policy
Test: Acceptable Use Policy
Test: Data Protection Policy
Test: Internal Password Policy for Employees
Annual Compliance Review
Did this answer your question?