The Policy posture summary
At the top of the Policies page, a posture summary shows:- Policy health score — a 0–100 composite score based on how many policies are active, acknowledged, and up to date
- Active policies — policies with a status of active
- Pending policies — policies in draft state
- Overdue for review — active policies whose next review date has passed
- Policies without evidence — active policies not linked to any evidence item
Filtering the policy list
Use the filter tabs to narrow the list:| Filter | What it shows |
|---|---|
| All | Every policy regardless of status |
| Active | Published policies in effect |
| Draft | Policies not yet published |
| Overdue | Active policies past their review date |
Creating a policy from a template
Browse templates
Click + New Policy or Generate from Template. A template picker opens showing all available policy templates, organized by category. Each template shows a short description and its associated framework tags (for example, ISO 27001, SOC 2).
Select a template
Choose the template that matches the policy you want to create. Click Use Template to create a new policy pre-populated with the template’s content.
Review and edit the content
The policy editor opens with the template’s markdown content. Customize the policy to match your organization’s specific processes, naming conventions, and approval chains.
Set dates and settings
Fill in the Effective date (when the policy takes effect) and Next review date (when it should be reviewed again). Enable Requires acknowledgment if team members must confirm they’ve read the policy.
Bulk generating policies
If you need to create several policies at once, use the Bulk Generate feature:- Navigate to Policies → Bulk Generate
- Select multiple templates from the list
- Click Generate — SecurAtlas creates a draft policy from each selected template
Tracking acknowledgments
When a policy has Requires acknowledgment enabled, each team member needs to confirm they’ve read it. The policy list shows an acknowledgment percentage for each active policy — for example, “72% acknowledged” — indicating what fraction of your team has confirmed. Click a policy to see the full acknowledgment breakdown, including which members have and haven’t acknowledged it yet.Understanding drift detection
If your organization is using policy templates and a template is updated by SecurAtlas (for example, because a framework requirement changed), your existing policy may show a drift indicator. Drift means your published policy has diverged from the current version of its source template. The policy list shows a drift badge on affected policies, and the dashboard Policy Posture widget includes a drift count. To resolve drift, open the affected policy and review the differences between your current content and the updated template. Apply any relevant changes and save.Drift detection does not automatically modify your policy content. You remain in control of what gets published — the drift indicator is a signal to review, not an automatic override.
Exporting a policy to PDF
You can export any active or draft policy as a formatted PDF document.
Policy PDFs are useful for distributing to team members who need a printed copy, sharing with auditors, or archiving a snapshot of your policy at a point in time.
Policy exports are also available through the API at
/api/reports/policy-export.