Linking a published Policy to a Policy Test

In Secureframe, admins can expect to encounter many tests associated with framework policies.

Some tests relate to the obligation of having an approved policy; others relate to personnel acknowledgement of those policies. The type of policy will depend on the framework you have in your Secureframe platform.

Understanding the 2 types of Policy tests

  1. Policy Review & Approval by Owner - The first type of policy test simply requires the Secureframe Admins to review, assign an owner and publish each of the applicable Policies. This ensures that your organization has all the relevant policies for the applicable frameworks loaded into Secureframe.
    • Using our Policies - Secureframe already provides each of the required policies for the frameworks your organization has purchased. If you plan to utilize our Policies, those will already be located on the Policies page.
    • Using your own Policies - If you have your own policies, then you will first upload the policy text or completed PDFs and then review, assign an owner and finally publish.
  2. Policy Acknowledgement by Personnel - The second type of policy test is acknowledgement of the policies for the relevant frameworks. This test ensures that each in-scope person has reviewed each of the applicable policies and accepted them as part of your onboarding effort.

Linking approved Policies to Policy Tests

Publishing a policy in Secureframe does not automatically link that policy to the associated test. This action must be done manually through the test's Evidence tab, which allows an Admin to select a specific policy and then track personnel acknowledgement. 

In some cases, Secureframe can readily infer and link a Policy, but depending on the customer's naming convention, the step of linking an approved policy to the right test may fall on the Admin.


Instructions on how to link:

  • Head to the Test section using the left navigation and search for the "Privacy and Data Protection Policy" test, as an example.
  • Open the test and navigate to the Evidence tab.
  • Click on the dropdown menu and select "Privacy and Data Protection Policy".
  • Once you link a published policy, this will mark the test as passing.
  • Repeat this process for each additional Policy Test.

Frequently Asked Questions (FAQ)

I have already approved my policies, but my tests are still failing?

  • The most common scenario here is that the policy has not been linked to the specific test. You can review the instructions here.

How do I create and/or edit my policies?

  • You can review our complete guide on how to edit policies here. 

What’s the difference between Secureframe policies and custom policies?

  • Secureframe policies are pre-built and automatically link to associated policy tests. If you're using custom policies, you'll need to manually create a test and link the policy URL as evidence to meet the test requirement.

I see both "Policy Test" and "Acknowledgment Policy Test" in the Tests page. What’s the difference?

  • Policy Test: Verifies that a specific policy exists and is accessible. You can link a custom policy to this test by adding its URL as evidence.

  • Acknowledgment Policy Test: Verifies that users have acknowledged a policy. If you're not using Secureframe's acknowledgment workflow, you can disable these tests.

Can I disable the default policy-related tests?

  • Yes. You can disable both the Policy Test and Acknowledgment Policy Test if you're not using Secureframe’s policy templates. Then, create your own tests tied to each of your custom policies.

What’s the best way to link a custom policy to a test?

  • Create a new test, then copy the published URL of your custom policy and add it as evidence. This demonstrates that the policy is in place and accessible.
