In Secureframe, admins can expect to encounter many associated tests for framework policies.

Some are related to the obligation of having an approved policy, other tests are related to personnel acknowledgement of those policies. The type of policy will depend on the framework you have in your Secureframe platform. 

Understanding the 2 types of Policy tests

1. Policy Review & Approval by Owner - The first type of policy test simply requires the Secureframe Admins to review, assign an owner and publish each of the applicable Policies. This ensures that your organization has all the relevant policies for the applicable frameworks loaded into Secureframe.
   • Using our Policies - Secureframe already provides each of the required policies for the frameworks your organization has purchased. If you plan to utilize our Policies, those will already be located in the Policies page.
   • Using your own Policies - If you have your own policies, then you will first upload the policy text or completed PDF's and then review, assign an owner and finally publish.
2. Policy Acknowledgement by Personnel - the second type of policy test is acknowledgement of the policies for the relevant frameworks. This test ensures that for each in-scope personnel has reviewed each of the applicable polices and accepted them as part of your onboarding effort. 

Video Tutorial

Linking Tests When Publishing a New Policy

To link tests to your policy when you’re ready to publish your policy, follow the steps below.

• From the Policies page, select the policy you want to publish and click Publish.
• You’ll be prompted to add tests to the policy.
  • Click Not Right Now if you want to add them later.
  • Click Add to Existing Tests if you’re ready to associate tests now.
• A pop-up window will appear with a list of available policy tests.
• Select the tests you want to associate
• Click Add.
• The test will appear under the Testing tab in the policy, and the test will automatically refresh to reflect the new association.

Note: for policy acknowledgement tests, once all personnel assigned to the policy have reviewed and accepted the published policy, the test status will change to Passing.

Linking Tests to an Existing Published Policy

• From the Policies page, click the policy you want to update.
• Navigate to the Testing tab.
• Click Add Test.
• Select the available tests you want to associate
• Click Add.
• The test will refresh automatically to show the connection between the policy and the test.

Removing a Test from a Policy

• Open the policy from the Policies page.
• In the Testing tab, locate the associated test you want to remove.
• Click the three-dot menu next to the test.
• Select Remove Test.

Frequently Asked Questions (FAQ)

I have already approved my policies, but my test are still failing?

• The most common scenario here is that the policy has not been linked to the specific test. You can review the instructions here. 

How do I create and or edit my policies?

• You can review our complete guide on how to edit policies here. 

What’s the difference between Secureframe policies and custom policies?

• Secureframe policies are pre-built and automatically link to associated policy tests. If you're using custom policies, you'll need to manually create a test and link the policy URL as evidence to meet the test requirement.

I see both "Policy Test" and "Acknowledgment Policy Test" in the Tests page. What’s the difference?

• Policy Test: Verifies that a specific policy exists and is accessible. You can link a custom policy to this test by adding its URL as evidence.

• Acknowledgment Policy Test: Verifies that users have acknowledged a policy. If you're not using Secureframe's acknowledgment workflow, you can disable these tests.

Can I disable the default policy-related tests?

• Yes. You can disable both the Policy Test and Acknowledgment Policy Test if you're not using Secureframe’s policy templates. Then, create your own tests tied to each of your custom policies.

What’s the best way to link a custom policy to a test?

• Create a new test, then copy the published URL of your custom policy and add it as evidence. This demonstrates that the policy is in place and accessible.

How can customers upload evidence that policy acknowledgement was completed to Secureframe?

If you’re not using Secureframe’s pre-built policies (which are already linked to automated policy tests), you can still show that your team has acknowledged your own policies by using the “Pass with Upload” feature.

This lets you manually upload external evidence — for example, a report exported from your HRIS or policy management tool — to demonstrate that acknowledgements were completed elsewhere.

• ✅ Upload a single summary report (e.g., CSV or PDF) that lists all personnel who acknowledged.

• 🧩 This option bypasses Secureframe’s built-in test logic, so the test will show as Passed with upload.

• 🚫 Individual acknowledgements won’t map to personnel records, and pending acknowledgement tasks may still appear under Personnel since they weren’t completed through Secureframe.