Query Policies

Policies are documents that define your internal company processes. Your employees will ultimately sign and accept them digitally.

Let's look at an example query that requests all policies, regardless of their approval status. We will request the policy title, the policy type, and the timestamps at which the policy was created and last updated.

query GetPolicies {
  organization {
    policies {
      title
      policyType
      createdAt
      updatedAt
    }
  }
}

Response:

{
  "data": {
    "organization": {
      "policies": [
        {
          "title": "Business Continuity and Disaster Recovery Plan",
          "policyType": "business-continuity-and-disaster-recovery-plan-bsi",
          "createdAt": "2022-11-01T16:31:29.178Z",
          "updatedAt": "2022-11-01T16:31:29.875Z"
        },
        {
          "title": "Human Resource Security Policy",
          "policyType": "human-resource-security-policy-bsi",
          "createdAt": "2022-11-21T17:08:09.829Z",
          "updatedAt": "2022-11-21T17:08:10.331Z"
        },
        {
          "title": "Access Control Policy",
          "policyType": "access-control-policy-bsi",
          "createdAt": "2022-12-19T19:22:00.725Z",
          "updatedAt": "2023-03-01T13:33:53.230Z"
        },
        {
          "title": "Incident Response Plan",
          "policyType": "incident-response-plan-bsi",
          "createdAt": "2023-01-18T19:05:13.954Z",
          "updatedAt": "2023-01-24T14:33:30.492Z"
        },
        {
          "title": "Asset Management Policy",
          "policyType": "asset-management-policy-bsi",
          "createdAt": "2023-03-09T18:18:34.628Z",
          "updatedAt": "2023-03-09T18:18:35.001Z"
        },
        {
          "title": "Operations Security Policy",
          "policyType": "operations-security-policy-bsi",
          "createdAt": "2023-02-23T18:22:14.414Z",
          "updatedAt": "2023-02-23T18:22:15.165Z"
        },
        {
          "title": "Information Security Policy (AUP)",
          "policyType": "information-security-policy-bsi",
          "createdAt": "2023-03-03T18:29:50.827Z",
          "updatedAt": "2023-03-03T18:29:51.344Z"
        },
        {
          "title": "Code of Conduct",
          "policyType": "code-of-conduct-bsi",
          "createdAt": "2023-03-07T19:20:28.804Z",
          "updatedAt": "2023-03-07T19:20:31.721Z"
        }
      ]
    }
  }
}

Next, let's add an argument so that only the most recently approved version of each policy is returned. We'll also request who approved the policy and the timestamp at which it was approved.

query GetPolicies {
  organization {
    policies(onlyApproved: true) {
      title
      approvedAt
      approver {
        displayName
        email
      }
    }
  }
}

Response:

{
  "data": {
    "organization": {
      "policies": [
        {
          "title": "Network Policy",
          "approvedAt": "2023-03-06T20:15:39.635Z",
          "approver": {
            "displayName": "Adam Sharp",
            "email": "[email protected]"
          }
        },
        {
          "title": "Business Continuity and Disaster Recovery Plan",
          "approvedAt": "2022-11-01T16:31:29.873Z",
          "approver": null
        },
        {
          "title": "Incident Response Plan",
          "approvedAt": "2023-01-24T14:33:30.489Z",
          "approver": {
            "displayName": "Jill Lux",
            "email": "[email protected]"
          }
        },
        {
          "title": "Information Security Policy (AUP)",
          "approvedAt": "2023-03-03T18:29:51.343Z",
          "approver": {
            "displayName": "Madison Carter",
            "email": "[email protected]"
          }
        },
        {
          "title": "Code of Conduct",
          "approvedAt": "2023-03-07T19:20:31.720Z",
          "approver": null
        }
      ]
    }
  }
}
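
The response above includes approved policies whose approver is null. As an added example (not part of the original page or of Vanta's own code), the Python below audits such a response for missing approvers and stale approvals. The sample is a trimmed copy of the response shown above; the function names and the 365-day review window are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Trimmed copy of the example response above for policies(onlyApproved: true).
SAMPLE_RESPONSE = json.loads("""
{"data": {"organization": {"policies": [
  {"title": "Network Policy", "approvedAt": "2023-03-06T20:15:39.635Z",
   "approver": {"displayName": "Adam Sharp"}},
  {"title": "Business Continuity and Disaster Recovery Plan",
   "approvedAt": "2022-11-01T16:31:29.873Z", "approver": null},
  {"title": "Code of Conduct", "approvedAt": "2023-03-07T19:20:31.720Z",
   "approver": null}
]}}}
""")


def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps (trailing 'Z') used in the response."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_approved_policies(response, now, max_age=timedelta(days=365)):
    """Return (title, finding) tuples for approval records that need follow-up.

    max_age is an assumed review window, not a value taken from the page.
    """
    if response.get("errors"):
        raise ValueError(f"GraphQL errors: {response['errors']}")
    # "data" or "organization" may be null when the request failed partway.
    org = (response.get("data") or {}).get("organization") or {}
    findings = []
    for policy in org.get("policies") or []:
        title = policy.get("title", "<untitled>")
        if policy.get("approver") is None:
            findings.append((title, "no approver recorded"))
        approved_at = policy.get("approvedAt")
        if approved_at is None:
            findings.append((title, "no approval timestamp"))
        elif now - parse_ts(approved_at) > max_age:
            findings.append((title, "approval older than review window"))
    return findings


if __name__ == "__main__":
    as_of = datetime(2023, 12, 1, tzinfo=timezone.utc)  # fixed date for stable output
    for title, finding in audit_approved_policies(SAMPLE_RESPONSE, as_of):
        print(f"{title}: {finding}")
```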

Let's also check who uploaded the policy into Vanta and get the external URL at which the policy can be viewed.

query GetPolicies {
  organization {
    policies(onlyApproved: true) {
      title
      uploader {
        displayName
        email
      }
      preSignedURL
    }
  }
}

Response:

{
  "data": {
    "organization": {
      "policies": [
        {
          "title": "Network Policy",
          "uploader": {
            "displayName": "Adam Sharp",
            "email": "[email protected]"
          },
          "preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/..."
        },
        {
          "title": "Incident Response Plan",
          "uploader": {
            "displayName": "Jill Lux",
            "email": "[email protected]"
          },
          "preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/..."
        },
        {
          "title": "Information Security Policy (AUP)",
          "uploader": {
            "displayName": "Madison Carter",
            "email": "[email protected]"
          },
          "preSignedURL": "https://some-s3-bucket.us-east-1.amazonaws.com/..."
        }
      ]
    }
  }
}
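
A pre-signed S3 URL grants access to whoever holds it until it expires, so the preSignedURL values should stay out of logs and tickets. The Python below is an added example (not from the original page or from Vanta) that redacts the URL for logging and reads its expiry. It assumes the URL uses AWS Signature Version 4 query parameters; the sample URL, its path and its query values are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed URL: the object path and every query value are made up for this example.
SAMPLE_URL = (
    "https://some-s3-bucket.us-east-1.amazonaws.com/policies/example.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230306T201539Z"
    "&X-Amz-Expires=900&X-Amz-Signature=0000example0000"
)


def redact_presigned_url(url):
    """Drop the query string and fragment so the signature never reaches a log."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def presigned_expiry(url):
    """Return the expiry time of a SigV4 query-signed URL, or None if not present."""
    query = parse_qs(urlsplit(url).query)
    try:
        issued = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(query["X-Amz-Expires"][0]))
    except (KeyError, ValueError):
        return None  # assumed parameters missing or malformed
    return issued.replace(tzinfo=timezone.utc) + lifetime


def loggable_policies(response):
    """Copy the policy list from a response with each preSignedURL redacted."""
    org = (response.get("data") or {}).get("organization") or {}
    return [
        {**p, "preSignedURL": redact_presigned_url(p["preSignedURL"])}
        if p.get("preSignedURL") else dict(p)
        for p in org.get("policies") or []
    ]


if __name__ == "__main__":
    print(redact_presigned_url(SAMPLE_URL))
    print(presigned_expiry(SAMPLE_URL))
```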

What’s Next

Next up, we'll learn how to scope resources in Vanta!