Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Browse policies and documentsUpload a new document or policyEdit a document or policy
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Edit a document or policy

Update content, version and visibility of an existing document or policy.

Edit a Document or Policy

The Edit a Document or Policy screen is your central workspace for keeping your organisation's policy library accurate, complete, and audit-ready. Data Protection Officers, Compliance Coordinators, IT Security Managers, and anyone responsible for maintaining internal policies will spend time here — whether they are refining a brand-new record right after creation, uploading a revised file, or sending a mature policy through a formal approval workflow. Because DPMS connects policies and documents to ROPAs, risk assessments, tasks, and international standard controls, what you do on this screen ripples across your entire compliance picture.

How to open it

Navigate to Policies & Documents in the left-hand sidebar. From the document list, either click a document's name to open its detail view and then click the edit icon on the General tab, or open the three-dot options menu next to the document and choose Edit. DPMS will also redirect you here automatically the moment you save a brand-new document for the first time.

You need one of the following permissions to access this screen:

  • Edit Policies & Documents — full access to all tabs.
  • Edit only assigned Policies & Documents — access is limited to documents where you are listed as a responsible person.

The Trigger Workflow tab has an additional requirement: you must also hold the Assign Workflow permission. Without it, that tab shows an access-denied page.

Screenshot

What you see

The screen is divided into two zones. On the left sits a vertical tab menu listing every available section: General, Upload, Linked Elements, Tasks, Assessments, Manage Access, Trigger Workflow, and Overview. On the right, the content area fills with the form or table for whichever tab is currently selected.

At the very top of the content area, a breadcrumb trail shows your path — the module name, an arrow, the document name, another arrow, and the current tab name highlighted in blue. This keeps you oriented as you move between tabs.

The General tab — where you land by default — displays a focused, centred form with a thin blue bar running down the left side of each field group. A header block at the top of this form shows the document's current status badge and the responsible persons field. Below it, the main fields appear: Name, Type, Organisational Units, and Classification.

If the document was just created and has not yet been saved for the first time, only the General tab is available. All other tabs are locked until you complete the first save and the record receives a permanent ID.

Working with this screen

Setting up a new document for the first time

When you create a new document from the Policies & Documents list, DPMS drops you straight onto the General tab of the edit screen. Start by typing the document's name in the Name field. This field supports multiple languages — if your organisation works in more than one language, click the AI translation helper button beside the field to auto-fill translations into your other active languages.

Next, choose the Type. This is the most consequential field on the entire screen: it determines whether this document stores an uploaded file (a PDF, Word document, or similar) or an external URL link. Choose carefully, because once you click Save with a type selected, the field locks permanently and cannot be changed. There is no conversion path between the two — if you choose incorrectly you will need to delete the record and start again.

Assign one or more Organisational Units to scope the document to the right part of your company hierarchy, then apply one or more Classification tags from your document taxonomy (for example, "Data Processing Agreement" or "Retention Schedule"). These tags control how the document appears in filtered list views and reports.

When everything looks right, click Save at the bottom of the form. DPMS creates the document record and immediately redirects you to the same edit screen with the Upload tab pre-selected — a deliberate prompt to attach the actual file or link right away.

Uploading or replacing the document file

Click the Upload tab in the left menu. What you see next depends on the Type you chose on the General tab.

For File-type documents: A large dashed rectangle with the message "Drag and drop here or browse" appears in the content area. Drag your PDF, Word document, or other file onto this zone, or click it to open a file browser. DPMS uploads the file and runs an automatic malware scan. Once the scan completes, the file appears as the current version. Below the upload zone, a version history list shows every previous file that was ever uploaded for this document, in reverse chronological order. You can click any entry in the history to preview that version.

Heads up: If a file fails the malware scan it is quarantined and hidden from most users. Only users with IT Security Coordinator, IT Security Manager, System Manager, or Super Admin roles can see quarantined files in the version history. If you upload a file and it seems to disappear, ask your IT Security team to check the quarantine.

For Link-type documents: A text input labelled Link appears. Type or paste the URL you want to associate with this document and save. Each saved URL appears as a row below the input with three icons: an arrow to open it in a new tab, a copy icon to copy it to your clipboard, and an × to remove it. You can store multiple URLs on the same link-type document.

Connecting the document to the broader compliance picture

A document sitting in isolation is of limited use. The tabs for Linked Elements, Tasks, and Assessments let you weave it into the wider DPMS fabric.

Click Linked Elements to attach other DPMS objects — such as Records of Processing Activities (ROPAs) or assets — to this document. A table shows everything currently linked. Click the add button to open a picker and search for the objects you want to connect. You can also click any row in the table to navigate directly to that linked object's detail page. Click Save when done.

Click Tasks to associate action items with this document. For example, if an annual review task must be completed before the policy can be renewed, link it here. The tab shows a table of already-linked tasks and a control to search the global task pool for tasks to add.

Click Assessments to link DPIAs, risk assessments, or other assessments that underpin or validate this policy. During an audit, an assessor can open the Assessments tab and see at a glance which assessments support the document's claims. Add or remove links with the controls in the table, then click Save.

Tip: Each of these tabs has its own Save button. Switching tabs does not trigger a save. Changes you have made on one tab are held in your session memory while you navigate to another tab, but they are not sent to the server until you explicitly click Save on each tab.

Controlling who can see the document

By default, visibility follows your organisation's global role permissions. If you need to extend or restrict access to a specific document — for example, to share a sensitive HR retention policy only with the HR team — click the Manage Access tab.

Use the Audiences dropdown to select pre-configured audience groups from your Compliance Settings. Each audience has read or write permissions baked in at the audience level. If you need to grant a single named individual access without creating a new audience group, use the Users dropdown to pick them directly.

When you are done, click Save at the bottom of the form. From that point on, only the users and audiences you have listed (plus anyone with global edit or admin permissions) can see the document in their list view.

Heads up: Manage Access controls visibility, not editing rights. Adding someone here lets them see the record. Whether they can edit it is determined by their global role permissions, not by this tab.

Moving the document through a review or approval workflow

When a policy is ready for formal sign-off — for example, an annual review by a committee — click the Trigger Workflow tab. You will see a list of available workflow templates that have been configured for Policies & Documents in your DPMS instance. Select the workflow that matches your process, fill in any required reviewer details, and click Save.

DPMS will start the workflow engine, notify the assigned reviewers, and begin tracking progress. The workflow's current state then becomes visible on the Overview tab, where you can monitor which steps have been completed and which are still pending. A Cancel Workflow button appears on the Overview tab as long as the workflow is still in progress — use it if you need to abort the cycle and start fresh.

Heads up: The Trigger Workflow tab is gated by a separate Assign Workflow permission. A DPO with full document editing rights but without this specific permission will see an access-denied page when they click the tab. If this affects you, ask your system administrator to check your permission set.

Updating the status and responsible person

At the top of the General form you will find two controls that deserve special attention: the Status badge and the Responsible Person picker.

The Status dropdown lets you move the document through its lifecycle: typically Draft, Active, or Inactive, plus any custom statuses your organisation has defined. Mark a newly approved policy as Active to make it the current version; set an outdated policy to Inactive to retire it without deleting the record.

The Responsible Person field assigns one or more users as the owners of this document. These users receive workflow notifications and appear as the named accountable parties in audit reports.

Heads up: On this edit screen, both the status and the responsible person are part of the form. They are only saved to the server when you click Save at the bottom of the General tab. On the document's detail view (the read-only page you see before clicking edit), changing these fields triggers an immediate auto-save. First-time users often confuse the two and assume the edit screen also auto-saves — it does not.

Field reference

The following fields appear on the General tab and are worth a closer look:

  • Name — The document's display title. Supports multiple languages via the AI translation helper. This field is required; you cannot save without it.
  • TypeFile or Link. Sets the storage method for the document's content. Permanent and irreversible once saved. Choose carefully.
  • Organisational Units — Associates the document with one or more parts of your company hierarchy. Influences which classification tags are available in the dropdown below and scopes the document for reporting. You can create a new organisational unit inline using the shortcut inside the dropdown.
  • Classification — One or more taxonomy tags from your Document tag type in Compliance Settings. Used for filtering and categorisation. New tags can be created inline. Multiple tags are allowed and can be changed at any time.

How this connects to the rest of DPMS

The edit screen is the engine room for every document in your compliance library. Here is how changes here flow outward:

  • The document list view at Policies & Documents picks up the name, organisational units, classification tags, and last-updated date directly from what you save on the General tab. Incomplete records appear with dashes in those columns.
  • ROPA and Assessment detail views display their linked documents using the relationships you establish on the Linked Elements and Assessments tabs of this screen. If you do not link a DPIA to the relevant policy here, it will not appear in the cross-reference.
  • International Standard Controls (visible on the document detail view) are linked from within the standards module and point back to the document record you maintain here.
  • Workflow features — including the Required Action panel on the document's detail view — depend on a workflow having been triggered from the Trigger Workflow tab of this screen.
  • Multi-language display throughout DPMS for the document name relies on the translation data entered in the Name field here. If a translation is missing, DPMS falls back to the English name.

After finishing this screen, a good next step is to revisit the document's detail view to confirm all the linked elements, tasks, and assessments appear as expected, and to verify the workflow status if one has been triggered.

Tips & common pitfalls

Heads up: The document Type (File vs. Link) is permanent. Once you save a document with a type selected, you cannot change it. If you save the wrong type, you must delete the document and create a new one. Always double-check this field before clicking Save for the first time.
Tip: Each tab has its own Save button. Navigating to a different tab without saving does not lose your changes within the same browser session, but it does mean they have not reached the server. Always click Save before closing the browser or logging out.
  • Status and Responsible Person are not auto-saved on the edit screen. Unlike the detail view, these fields on the edit screen require an explicit Save click. It is easy to change the status and then navigate away, assuming it was saved.
  • Manage Access controls visibility, not edit rights. Adding a user or audience on the Manage Access tab lets them see the document. Whether they can edit it depends on their global role, not this setting.
  • Quarantined files are invisible to most users. If a file upload appears to vanish after uploading, it may have failed the malware scan and been quarantined. Contact your IT Security team to investigate.
  • The Trigger Workflow tab requires a separate permission. Even users with full edit rights will see an access-denied page on this tab if they do not also hold the Assign Workflow permission. This is by design but often surprises users.
  • Select All on Tasks and Assessments is filter-aware. When you tick Select All in the Tasks or Assessments tab, the action applies only to the currently filtered records — not to every task or assessment in the system. If you have an active search filter running, unlinking "all" will only affect the visible filtered set.


Was this article helpful?

English
Powered by Product Fruits