Policy Center overview
Updated over 3 months ago

To prepare for an audit, you will need to have a number of policies in place, approved by management, and acknowledged by your employees annually.

In 'Policy Center', you can view and download your policies, build or upload a policy, and delete unapproved policy versions.

You can also:

Before diving in

To verify who has access to the Policy Center, go to Role Administration & RBAC.

View and Download Your Policies

On the Policy Center page, you can view all your policies in Drata. You can easily distinguish between active and archived policies using the Active policies and Archived or replaced policies tabs.

  • Active policies tab: This is the default. Displays current policies.

  • Archived or replaced policies tab: View archived or replaced policies. Learn more about Archiving Policies.

Download Your Policies

You can download your policies in PDF format, which includes the version history of the policies. The policy version history includes information such as the name and description of the policy, the renewal date of the policy, and the version history. The version history includes information such as the creation date of that version, approver name, approval date (if approved), and the owner of the policies.

You can download your policies from multiple places such as the Policy Center, Controls, and Audit Hub page.

Build or upload your policy

You can either build a policy based on an auditor-approved template or upload one of your company policies.

For each policy, be sure to enter the policy details, such as assigning a policy owner (who approves the policy) and adding a renewal date. After submitting or creating a policy, you can always edit your policy in Policy Builder. To learn about all the functionalities of Policy Builder, go to Policy Builder.

Build a policy based on an auditor-approved template

  1. Select the start building icon.

    • If the edit icon is displayed, this means the policy was already submitted or created. To use an auditor-approved Drata policy template, select the edit icon. Then, select the ‘Actions’ button and select ‘Revert to latest template’ from the dropdown menu. This will override your current policy with the newest auditor-approved template in Drata.

  2. Select ‘Start Building’ to go to Policy Builder.

  3. Edit your policy, enter your policy details, and map controls to your policy (you cannot map controls to a policy if you have workspace enabled).

    • Policy Builder is where you can edit and add more details such as a disclaimer to your policy. To learn about all the functionalities of Policy Builder, go to Policy Builder.

    • Review the highlighted areas of the policy. These areas are customized for your company.

    • Review the comment bubbles on the right side of the document. These comments are from the Drata Admin and provide guidance on which framework criteria are covered in each section of the policy. The comments also have examples or tips to aid in your policy creation.

  4. Select the ‘Submit Policy’ button when you are finished.

Upload one of your company policies

Note: Files can be up to 25MB and the uploaded filename is displayed.

  1. Select the start building icon.

    • If you only see an edit icon, this means the policy was already submitted or created. To upload one of your company policies, select the edit icon. Then, select the ‘Actions’ button and select ‘Upload File’ from the dropdown menu. Affirm that this is the policy and create it. This will override the current policy with the uploaded file.

  2. Select ‘or upload existing policy’.

  3. Upload the policy, enter the policy details, and select the personnel.

  4. Select the ‘Create’ button when you are done.

Delete unapproved policy versions

Note: You can only delete policies that have not been approved. Once approved, you can only archive the policy. To learn how to archive policies, go to Archive policies.

Select the trash icon to delete the current, unapproved version of the policy. This will permanently delete the unapproved version of the policy. After deleting that version, the policy reverts to the previous version.

If you are on version one (v1), there are no more versions to delete and the trash icon is no longer displayed.
