In order to prepare for an audit, there are a number of policies you will need to have in place, approved by management, and acknowledged by your employees annually.

On 'Policy Center', you can view and download your policies, build or upload a policy, and delete unapproved policy versions.

You can also:

Edit your policy. To learn how to edit your policy, go to Policy Builder.
Create and delete a custom policy. To learn about custom policies, go to custom policy.
Approve a policy. Policy owners approve policies. To learn how to approve policy go to Approving a policy
Archive policies. To learn how to archive policies, go to Archive policies.
To restore an archive policy, go to Restore an Archived Policy.

Before diving in

Verify who has access to the Policy Center, go to Role Administration & RBAC.

View and download your policies

On the Policy Center page, a table displays all of the policies you have in Drata. You can filter the table based on if the policy is active or archived, the policy owner or the name of the policy. You can also download all of the policies.

Build or upload your policy

You can either build a policy based on an auditor-approved template or upload one of your company policies.

For each policy, ensure to enter policy details like assigning a policy owner (who approves the policy) and adding a renewal date. After submitting or creating a policy, you can always edit your policy on Policy Builder. To learn about all the functionalities of Policy Builder, go to Policy Builder.

Build a policy based on an auditor-approved template

Select the start building icon.
- If you the edit icon is displayed, this means the policy was already submitted or created. To use an auditor-approved Drata policy template, select the edit icon. Then, select the ‘Actions’ button and select the ‘Revert to latest template’ on the dropdown menu. This will override the current policy you have with the newest auditor-approved template in Drata.
Select ‘Start Building’ to go to Policy Builder.
Edit your policy, enter your policy details, and map controls to your policy (You cannot map controls to policy if you have workspace enabled).
- Policy Builder is where you can edit and add more details to your policy. To learn about all the functionalities of Policy Builder, go to Policy Builder.
- Review the highlighted areas of the policy. These areas are customized for your company.
- Review the comment bubbles on the right side of the document. These comments are from the Drata Admin and provide guidance on which of the framework criteria is covered in the section of the policy. The comments also have examples or tips to aid in your policy creation.
Select the ‘Submit Policy’ button when you are finished.

Upload one of your company policies

Note: Files can be up to 25MB and the uploaded filename is displayed.

Select the start building icon.
- If you only see an edit icon, this means the policy was already submitted or created. To upload one of your company policies, select the edit icon. Then, select the ‘Actions’ button and select the ‘Upload File’ on the dropdown menu. Affirm that this is the policy and create. This will override the current policy with the uploaded file.
Select ‘or upload existing policy’.
Upload the policy, enter the policy details, and select the personnels.
Select the ‘Create’ button when you are done.

Delete unapproved policy versions

Note: You can only delete policies that have not been approved. Once approved, you can only archive the policy. To learn how to archive policies, go to Archive policies.

Select the trash icon to delete the current, unapproved version of the policy. This will permanently delete the unapproved version of the policy. After deleting that version, the policy reverts to the previous versions.

If you are on version one (v1), there are no more versions to delete and the trash icon is no longer displayed.