Query Policies
Policies are documents that define your internal company processes that your employees will ultimately digitally sign and accept.
Let's look at an example query that requests all policies, regardless of their approval status. We will request the policy title, type, and the timestamp when the policy was created and last updated.
query GetPolicies {
organization {
policies {
title
policyType
createdAt
updatedAt
}
}
}
{
"data": {
"organization": {
"policies": [
{
"title": "Business Continuity and Disaster Recovery Plan",
"policyType": "business-continuity-and-disaster-recovery-plan-bsi",
"createdAt": "2022-11-01T16:31:29.178Z",
"updatedAt": "2022-11-01T16:31:29.875Z"
},
{
"title": "Human Resource Security Policy",
"policyType": "human-resource-security-policy-bsi",
"createdAt": "2022-11-21T17:08:09.829Z",
"updatedAt": "2022-11-21T17:08:10.331Z"
},
{
"title": "Access Control Policy",
"policyType": "access-control-policy-bsi",
"createdAt": "2022-12-19T19:22:00.725Z",
"updatedAt": "2023-03-01T13:33:53.230Z"
},
{
"title": "Incident Response Plan",
"policyType": "incident-response-plan-bsi",
"createdAt": "2023-01-18T19:05:13.954Z",
"updatedAt": "2023-01-24T14:33:30.492Z"
},
{
"title": "Asset Management Policy",
"policyType": "asset-management-policy-bsi",
"createdAt": "2023-03-09T18:18:34.628Z",
"updatedAt": "2023-03-09T18:18:35.001Z"
},
{
"title": "Operations Security Policy",
"policyType": "operations-security-policy-bsi",
"createdAt": "2023-02-23T18:22:14.414Z",
"updatedAt": "2023-02-23T18:22:15.165Z"
},
{
"title": "Information Security Policy (AUP)",
"policyType": "information-security-policy-bsi",
"createdAt": "2023-03-03T18:29:50.827Z",
"updatedAt": "2023-03-03T18:29:51.344Z"
},
{
"title": "Code of Conduct",
"policyType": "code-of-conduct-bsi",
"createdAt": "2023-03-07T19:20:28.804Z",
"updatedAt": "2023-03-07T19:20:31.721Z"
}
]
}
}
}
Next, let's add an argument to only return the most recently approved version of our policies. We'll also request who approved the policy and the timestamp it was approved.
query GetPolicies {
organization {
policies(onlyApproved: true) {
title
approvedAt
approver {
displayName
email
}
}
}
}
{
"data": {
"organization": {
"policies": [
{
"title": "Network Policy",
"approvedAt": "2023-03-06T20:15:39.635Z",
"approver": {
"displayName": "Adam Sharp",
"email": "[email protected]"
}
},
{
"title": "Business Continuity and Disaster Recovery Plan",
"approvedAt": "2022-11-01T16:31:29.873Z",
"approver": null
},
{
"title": "Incident Response Plan",
"approvedAt": "2023-01-24T14:33:30.489Z",
"approver": {
"displayName": "Jill Lux",
"email": "[email protected]"
}
},
{
"title": "Information Security Policy (AUP)",
"approvedAt": "2023-03-03T18:29:51.343Z",
"approver": {
"displayName": "Madison Carter",
"email": "[email protected]"
}
},
{
"title": "Code of Conduct",
"approvedAt": "2023-03-07T19:20:31.720Z",
"approver": null
}
]
}
}
}
Let's also check to see who uploaded the policy into Vanta and get the external URL that the policy is viewable at.
query GetPolicies {
organization {
policies(onlyApproved: true) {
title
uploader {
displayName
email
}
preSignedURL
}
}
}
{
"data": {
"organization": {
"policies": [
{
"title": "Network Policy",
"uploader": {
"displayName": "Adam Sharp",
"email": "[email protected]"
},
"preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/
},
{
"title": "Incident Response Plan",
"uploader": {
"displayName": "Jill Lux",
"email": "[email protected]"
},
"preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/
},
{
"title": "Information Security Policy (AUP)",
"uploader": {
"displayName": "Madison Carter",
"email": "[email protected]"
},
"preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/
}
]
}
}
}
Updated about 1 year ago