In Secureframe, admins can expect to encounter many associated tests for framework policies.
Some are related to the obligation of having an approved policy, other tests are related to personnel acknowledgement of those policies. The type of policy will depend on the framework you have in your Secureframe platform.
Understanding the 2 types of Policy tests
Policy Review & Approval by Owner - The first type of policy test simply requires the Secureframe Admins to review, assign an owner and publish each of the applicable Policies. This ensures that your organization has all the relevant policies for the applicable frameworks loaded into Secureframe.
Using our Policies - Secureframe already provides each of the required policies for the frameworks your organization has purchased. If you plan to utilize our Policies, those will already be located in the Policies page.
Using your own Policies - If you have your own policies, then you will first upload the policy text or completed PDF's and then review, assign an owner and finally publish.
Policy Acknowledgement by Personnel - the second type of policy test is acknowledgement of the policies for the relevant frameworks. This test ensures that for each in-scope personnel has reviewed each of the applicable polices and accepted them as part of your onboarding effort.
Video Tutorial
Linking Tests When Publishing a New Policy
To link tests to your policy when you’re ready to publish your policy, follow the steps below.
From the Policies page, select the policy you want to publish and click Publish.
You’ll be prompted to add tests to the policy.
Click Not Right Now if you want to add them later.
Click Add to Existing Tests if you’re ready to associate tests now.
A pop-up window will appear with a list of available policy tests.
Select one or more tests you want to associate. A single policy can be linked to multiple tests.
Click Add.
The test will appear under the Testing tab in the policy, and the test will automatically refresh to reflect the new association.
Note: for policy acknowledgement tests, once all personnel assigned to the policy have reviewed and accepted the published policy, the test status will change to Passing.
Linking Tests to a Policy Before Publishing
If you want to link tests to a policy before it's ready to publish, you can do that directly from the test's Evidence tab.
Navigate to the Tests page and open the test you want to update
Click the Evidence tab
Select the policy or policies you want to associate with the test
Click Add
You can link multiple policies to a single test. All linked policies will appear on the Evidence tab once added.
A few things to keep in mind:
If a linked policy is still in draft, Secureframe will display a warning banner on the test. Draft policies are labeled (draft) with muted styling in the policy picker so they are easy to spot.
A draft policy will not satisfy the test and personnel will not be able to acknowledge it until it is published.
Once you publish the policy, the paired acknowledgement test will re-run automatically. You do not need to manually refresh it.
Linking Tests to an Existing Published Policy
From the Policies page, click the policy you want to update.
Navigate to the Testing tab.
Click Add Test.
Select one or more tests you want to associate. A single policy can be linked to multiple tests.
Click Add.
The test will refresh automatically to show the connection between the policy and the test.
Removing a Test from a Policy
Open the policy from the Policies page.
In the Testing tab, locate the associated test you want to remove.
Click the three-dot menu next to the test.
Select Remove Test.
Frequently Asked Questions (FAQ)
I have already approved my policies, but my test are still failing?
The most common scenario here is that the policy has not been linked to the specific test. You can review the instructions here.
How do I create and or edit my policies?
You can review our complete guide on how to edit policies here.
What’s the difference between Secureframe policies and custom policies?
Secureframe policies are pre-built and automatically link to associated policy tests. If you're using custom policies, you'll need to manually create a test and link the policy URL as evidence to meet the test requirement.
I see both "Policy Test" and "Acknowledgment Policy Test" in the Tests page. What’s the difference?
Policy Test: Verifies that a specific policy exists and is accessible. You can link a custom policy to this test by adding its URL as evidence.
Acknowledgment Policy Test: Verifies that users have acknowledged a policy. If you're not using Secureframe's acknowledgment workflow, you can disable these tests.
Can I disable the default policy-related tests?
Yes. You can disable both the Policy Test and Acknowledgment Policy Test if you're not using Secureframe’s policy templates. Then, create your own tests tied to each of your custom policies.
What’s the best way to link a custom policy to a test?
Create a new test, then copy the published URL of your custom policy and add it as evidence. This demonstrates that the policy is in place and accessible.
How can customers upload evidence that policy acknowledgement was completed to Secureframe?
If you’re not using Secureframe’s pre-built policies (which are already linked to automated policy tests), you can still show that your team has acknowledged your own policies by using the “Pass with Upload” feature.
This lets you manually upload external evidence — for example, a report exported from your HRIS or policy management tool — to demonstrate that acknowledgements were completed elsewhere.
✅ Upload a single summary report (e.g., CSV or PDF) that lists all personnel who acknowledged.
🧩 This option bypasses Secureframe’s built-in test logic, so the test will show as Passed with upload.
🚫 Individual acknowledgements won’t map to personnel records, and pending acknowledgement tasks may still appear under Personnel since they weren’t completed through Secureframe.
Why is there a warning banner on my policy test saying my policy is in draft?
If a policy linked to a test hasn't been published yet, Secureframe will display a warning banner letting you know the policy is still in draft. Draft policies won't satisfy the test and personnel won't be able to acknowledge them until they're published. To resolve this, navigate to the Policies page, open the draft policy, and publish it. Once published, the paired acknowledgement test will re-run automatically.