We’ve introduced multiple enhancements to elevate your compliance experience. Here are some of the highlights:

Latest Improvements

New Policy Statuses

We’ve introduced new policy statuses to give you more flexibility in managing policies without affecting Control readiness. With distinct approval and publishing steps, admins can now tailor workflows to meet their organization’s needs—such as requiring approval even for non-material changes.

Policy Center Updates

Draft & Published Policies

• You can now create and save draft policies without affecting the live, published version.

• Drafts only take effect when approved and published.

Improved Visibility

• The policies table now includes a status column and a count of policies in each key state.

Version Management

• Minor changes (e.g., wording updates) generate minor versions (V1.n) without triggering acknowledgments.

• Major updates still require a new primary version and acknowledgment.

Policy States

• Published: Approved and linked policies appear as Published and remain active.

• Draft: Unapproved policies remain in Draft until finalized.

Quick Edits & Acknowledgment Rules

• Minor updates to approved policies can bypass the draft/approval process.

• Only Published policies require acknowledgment, and previous acknowledgments will carry over.

Policy Ownership & Approval

• Only policy owners can approve and publish policies.

For more information about the Policy Center, visit our Policy Center Collection in the Drata Help Center.

Vendor Risk Management Updates

Auto-Schedule Questionnaires for Recurring Reviews & Automated Questionnaire Reminder Emails

We’re excited to introduce Auto-Schedule Questionnaires for Recurring Reviews and Automated Questionnaire Reminder Emails, making vendor security reviews easier than ever!

Previously, managing recurring vendor questionnaires and manually sending reminders was a time-consuming and tedious process. This update automates those tasks, reducing administrative burden and improving efficiency.

Auto-Scheduled Questionnaires

• Automatically send questionnaires to vendors based on their recurring review deadlines.

• Customize how many days before the deadline the questionnaire is sent, ensuring timely security reviews.

Automated Reminder Emails

• Set up automated follow-ups in Vendor Settings to remind vendors to complete their questionnaires.

• Choose how many days after the initial send reminders should go out.

• Reminders continue until the questionnaire is completed.

New Security Review Statuses

• We’ve introduced new statuses to provide better visibility into Security Review progress.