The Policy Center is your central hub for managing policies critical to audit readiness and compliance. It allows you to create, edit, approve, and archive policies, ensuring that they meet compliance standards and are acknowledged by your team annually.
Prerequisite
Before using the Policy Center:
Ensure you have the appropriate role assigned. Learn more about Drata’s roles.
Policy Center’s Key Features
Explore the following features of the Policy Center with step-by-step guides:
Build or edit policies: Edit or update your policies. Learn more at Policy Builder.
View and edit policy details: Manage policy details such as renewal dates, SLAs, policy owners, and descriptions to keep your policies organized and compliant. Learn more at View and edit Policy Detail.
Create your custom policies: Upload and manage tailored policies specific to your organization. Learn more at Create and replace a Drata Policy with your Custom Policy.
Download policies: Export your policies as PDFs. Learn more at Download your policies.
Approve and publish: Policy Owners can review and approve and publish policies. Learn more at about approving policies.
Archive or restore policies: Archive outdated policies or restore them as needed.
Learn more at Archive policies.
Learn more at Restore an Archived Policy.
Delete policy versions: Learn how to delete policies or policy versions.
Note: You can only delete a policy's draft state or a custom policy,
Policy Center Page
The Policy Center is divided into two tabs:
Active policies: View and manage current policies.
Archived or replaced policies: View policies that are no longer active, including archived or superseded policies. These policies can be restored if needed.
Active policies tab
On the Active policies tab, there is a policy overview section that gives you a holistic view of your policies. This section includes four cards that display key policy metrics, making it easier to manage your policies. You can select on any card to apply its filter to the table. The cards include:
Renews soon: Shows the number of active policies where the latest version has a renewal date within the next two months.
Renewal past due: Shows the number of active policies where the latest version has a renewal date that is past due.
Needs approval: Shows the number of active policies where the latest version is in the Needs Approval status.
Ready to publish: Shows the number of active policies where the latest version is in the Approved status and awaiting to be published.
View your policies
To view a policy, select anywhere on the row. The version that will be displayed depends on the policy’s current status:
If only a draft version exists, then the latest draft will be displayed.
If only a Published version of that policy exists, then the published policy will be displayed
If both Published and draft versions exist, then the latest draft will be displayed.
By viewing the Version and Status columns, you can recognize which published policies have draft versions.
Note: You will be able to view the published and draft versions by selecting the link within the info banner.
Filters in the Policy Center
The Policy Center includes filters to help you find and manage policies based on specific criteria:
Renewal Date: Use this filter to find policies based on their renewal status.
Renews Soon: Displays policies with a renewal date within the next two months.
Past Due: Displays policies with a renewal date that has passed.
Status: Filter policies by their current status: Draft, Needs Approval. Approved, and Published.
Control owner: Filter policies by their control owner.
You can also utilize the search bar to find your policies.
Policy Status
Policies progress through the following statuses:
Draft: Initial state where policies are created, edited, and finalized for approval.
Needs Approval: Policies awaiting review and approval from Policy Owners.
Content cannot be edited at this stage.
Approved: Policies that have been reviewed and approved by the Policy Owner but are not yet published.
At this stage, only the Policy Owner can edit the policy.
Published: The policy is live and officially in effect, impacting your monitoring tests and compliance.
Personnel must acknowledge the policy to fulfill compliance requirements.
When you finalize or make changes to your policies, you must indicate if it is a material change or non-material change.
Material changes:
Significant updates to the policy’s core aspects.
The policy version is updated to a major version (such as v1 → v2).
The status changes to Needs Approval, requiring Policy Owner review and approval.
Personnel acknowledgment is required after the update.
Non-Material Changes:
If the changes are not material changes, the policy version will be updated to a minor version (such as v1 → v1.2). If you are a Policy Owner and the policy is already published, you can publish minor updates directly. Non-Policy Owners: Must send updates for approval. Personnel acknowledgment is not required for minor changes.
Minor adjustments that don’t affect the policy’s core aspects.
The policy version is updated to a minor version.
If you are a Policy Owner and the policy is already published, you can publish the edits instantly.
Non-Policy Owners must submit updates for approval and the status is changed to Needs Approval.
Personnel acknowledgment is not required for non-material changes.
Learn more about making edits to your policies.
Policy Version
Policy versions help you track every change made to a policy, ensuring transparency and compliance. Each time a policy is updated, it is assigned a new version number, allowing you to monitor edits, approvals, and updates at every stage. When you download a policy, the PDF includes a complete version history with details of all changes.
Major Versions (such as v1.1 → v2.1)
When you make material changes that significantly impact the policy's core aspects, the policy will:
Require Policy Owner approval
Require personnel acknowledgment.
Minor Versions (such as v1.1 → v1.2)
When you make non-material changes, such as minor adjustments that don’t alter the policy’s core aspects, the policy:
May or may not require Policy Owner approval, depending on your role:
Policy Owners: Can publish minor updates directly.
Non-Policy Owners: Requires policy owner's approval.
Personnel acknowledgment is not required for minor changes.