# Get compliance policy | Comp AI API

> Retrieve a single compliance policy by its ID, including current content, draft content, review status, framework links, and audit metadata. Use this to read or inspect one policy in detail.



## OpenAPI

````yaml /openapi.json get /v1/policies/{id}
openapi: 3.0.0
info:
  title: Comp AI API
  description: >-
    Compliance automation API for SOC 2, ISO 27001, HIPAA, GDPR, evidence
    collection, policy workflows, Trust Access, security questionnaires,
    integrations, cloud checks, and device compliance.
  version: '1.0'
  contact: {}
servers:
  - url: https://api.trycomp.ai
    description: Production API Server
security: []
tags:
  - name: Attachments
    description: >-
      Generate signed download links for files attached to compliance tasks,
      comments, evidence records, and workflow reviews.
  - name: Audit Logs
    description: >-
      Retrieve audit trails for compliance activity, evidence changes, access
      decisions, and customer-facing security review workflows.
  - name: CloudSecurity
    description: >-
      Run AWS, Azure, and GCP cloud security scans, detect enabled services,
      review findings, and connect cloud posture results to compliance work.
    x-group: Cloud Security
  - name: Comments
    description: >-
      Create and manage collaboration comments on compliance entities such as
      tasks, policies, risks, vendors, and findings.
  - name: Context
    description: >-
      Manage organization context that helps Comp AI tailor policies,
      assessments, and compliance automation to the business.
  - name: Controls
    description: >-
      Manage controls, map them to policies, tasks, framework requirements, and
      evidence document types, and track implementation progress.
  - name: Device Agent
    description: >-
      Register employee devices, submit device compliance check-ins, download
      agent builds, and manage endpoint security status.
  - name: Devices
    description: >-
      Read and manage employee device inventory and Fleet compliance data used
      for endpoint security controls.
  - name: Evidence Export
    description: >-
      Export task evidence, automation evidence, and reviewer-ready evidence
      bundles as PDF or ZIP files.
  - name: Evidence Export (Auditor)
    description: Export all organization evidence for an auditor review package.
  - name: Evidence Forms
    description: >-
      Collect, review, upload, and export structured evidence submissions for
      compliance tasks and document requirements.
  - name: Findings
    description: >-
      Create, review, update, and track audit findings, remediation activity,
      and finding history for an organization.
  - name: Frameworks
    description: >-
      Manage SOC 2, ISO 27001, HIPAA, GDPR, and custom framework instances,
      requirements, scores, and sync history.
  - name: ISMS
  - name: Integrations
    description: >-
      Connect vendor systems, configure OAuth apps, run compliance checks, sync
      employees, manage variables, and collect automated evidence.
  - name: Knowledge Base
    description: >-
      Upload source documents, process them for retrieval, and manage reusable
      manual answers that power questionnaires and AI policy workflows.
  - name: Offboarding Checklist
  - name: Org Chart
    description: >-
      Manage organization chart metadata and evidence used for governance,
      accountability, and audit readiness.
  - name: Organization
    description: >-
      Manage organization profile data, API keys, logos, ownership, role
      notifications, and access approval settings.
  - name: People
    description: >-
      Invite and manage workforce members, training status, device compliance,
      email preferences, and employee evidence records.
  - name: Policies
    description: >-
      Create, version, publish, export, map, and improve compliance policies
      with AI-assisted drafting and approval workflows.
  - name: Questionnaire
    description: >-
      Parse security questionnaires, generate answers from approved evidence,
      save reviewer edits, stream progress, and export completed files.
  - name: Risks
    description: >-
      Create, update, and report on organizational risks with ownership,
      departments, and compliance remediation status.
  - name: Roles
    description: >-
      Create custom roles and resolve permission sets for organization-level
      access control.
  - name: SOA
    description: >-
      Create, auto-fill, review, approve, and export ISO 27001 Statement of
      Applicability documents.
    x-group: Statement of Applicability
  - name: Security Penetration Tests
    description: >-
      Create AI-powered penetration test runs, track progress, inspect findings
      and events, and download markdown or PDF reports.
  - name: Task Automations
    description: >-
      Create, version, run, and inspect automated evidence collection workflows
      attached to compliance tasks.
  - name: Task Management
    description: >-
      Manage task items and attachments linked to operational entities such as
      risks and vendors.
  - name: Tasks
    description: >-
      Manage compliance task lifecycle, assignments, review approvals, evidence
      uploads, policy links, and activity history.
  - name: Timelines
    description: >-
      Track audit and compliance readiness timelines, phases, and review
      milestones for an organization.
  - name: Training
    description: >-
      Record security awareness and HIPAA training completion status and
      generate completion certificates.
  - name: Trust Access
    description: >-
      Manage external Trust Center access requests, NDA signing, grants,
      tokenized document downloads, public FAQs, and reviewer access.
  - name: Trust Portal
    description: >-
      Configure the live Trust Center, custom domain, public overview, FAQs,
      compliance resources, documents, links, and vendor disclosures.
  - name: Uploads
  - name: Vendors
    description: >-
      Manage third-party vendors, global vendor search, risk assessment
      triggers, and Trust Center vendor visibility.
paths:
  /v1/policies/{id}:
    get:
      tags:
        - Policies
      summary: Get compliance policy
      description: >-
        Retrieve a single compliance policy by its ID, including current
        content, draft content, review status, framework links, and audit
        metadata. Use this to read or inspect one policy in detail. If you only
        have a policy name, find its ID first by listing compliance policies.
      operationId: PoliciesController_getPolicy_v1
      parameters:
        - name: X-Organization-Id
          in: header
          description: >-
            Organization ID (required for session auth, optional for API key
            auth)
          required: false
          schema:
            type: string
        - name: id
          required: true
          in: path
          description: Policy ID
          schema:
            example: pol_abc123def456
            type: string
      responses:
        '200':
          description: Policy retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PolicyResponseDto'
              example:
                id: pol_abc123def456
                name: Data Privacy Policy
                status: draft
                content:
                  - type: paragraph
                    content:
                      - type: text
                        text: ...
                isRequiredToSign: true
                signedBy: []
                createdAt: '2024-01-01T00:00:00.000Z'
                updatedAt: '2024-01-15T00:00:00.000Z'
                organizationId: org_abc123def456
        '401':
          description: Unauthorized - Invalid authentication or insufficient permissions
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Unauthorized
        '404':
          description: Policy not found
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Policy with ID pol_abc123def456 not found
      security:
        - apikey: []
components:
  schemas:
    PolicyResponseDto:
      type: object
      properties:
        id:
          type: string
          description: The policy ID
          example: pol_abc123def456
        name:
          type: string
          description: Name of the policy
          example: Data Privacy Policy
        description:
          type: string
          description: Description of the policy
          example: This policy outlines how we handle and protect personal data
          nullable: true
        status:
          type: string
          description: Status of the policy
          enum:
            - draft
            - published
            - needs_review
          example: draft
        content:
          type: array
          description: Content of the policy as TipTap JSON (array of nodes)
          example:
            - type: heading
              attrs:
                level: 2
                textAlign: null
              content:
                - type: text
                  text: Purpose
            - type: paragraph
              attrs:
                textAlign: null
              content:
                - type: text
                  text: >-
                    Verify workforce integrity and grant the right access at
                    start, revoke at end.
          items:
            type: object
            additionalProperties: true
        frequency:
          type: string
          description: Review frequency of the policy
          enum:
            - monthly
            - quarterly
            - yearly
          example: yearly
          nullable: true
        department:
          type: string
          description: >-
            Department this policy applies to. May be one of the built-in values
            (none, admin, gov, hr, it, itsm, qms) or a custom department name.
          example: it
          nullable: true
        isRequiredToSign:
          type: boolean
          description: Whether this policy requires a signature
          example: true
        signedBy:
          type: array
          description: List of user IDs who have signed this policy
          example:
            - usr_123
            - usr_456
          items:
            type: string
        reviewDate:
          format: date-time
          type: string
          description: Review date for the policy
          example: '2024-12-31T00:00:00.000Z'
          nullable: true
        isArchived:
          type: boolean
          description: Whether this policy is archived
          example: false
        archivedAt:
          format: date-time
          type: string
          description: When the policy was archived by framework sync
          example: '2024-02-01T00:00:00.000Z'
          nullable: true
        createdAt:
          format: date-time
          type: string
          description: When the policy was created
          example: '2024-01-01T00:00:00.000Z'
        updatedAt:
          format: date-time
          type: string
          description: When the policy was last updated
          example: '2024-01-15T00:00:00.000Z'
        lastArchivedAt:
          format: date-time
          type: string
          description: When the policy was last archived
          example: '2024-02-01T00:00:00.000Z'
          nullable: true
        lastPublishedAt:
          format: date-time
          type: string
          description: When the policy was last published
          example: '2024-01-10T00:00:00.000Z'
          nullable: true
        organizationId:
          type: string
          description: Organization ID this policy belongs to
          example: org_abc123def456
        assigneeId:
          type: string
          description: ID of the user assigned to this policy
          example: usr_abc123def456
          nullable: true
        approverId:
          type: string
          description: ID of the user who approved this policy
          example: usr_xyz789abc123
          nullable: true
        policyTemplateId:
          type: string
          description: ID of the policy template this policy is based on
          example: plt_template123
          nullable: true
      required:
        - id
        - name
        - description
        - status
        - content
        - frequency
        - department
        - isRequiredToSign
        - signedBy
        - reviewDate
        - isArchived
        - archivedAt
        - createdAt
        - updatedAt
        - lastArchivedAt
        - lastPublishedAt
        - organizationId
        - assigneeId
        - approverId
        - policyTemplateId
  securitySchemes:
    apikey:
      type: apiKey
      in: header
      name: X-API-Key
      description: API key for authentication

````
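
A client-side check of the 200 response against `PolicyResponseDto`, as an added example that is not part of the Comp AI documentation or code: it verifies the required fields, enums and timestamps, confirms `organizationId` matches the organization the caller expects, and flattens the TipTap `content` to plain text. `check_policy`, `tiptap_text` and `SAMPLE` are names introduced here; `SAMPLE` reproduces the spec's own 200 example.

```python
from datetime import datetime

# Field names and enums copied from PolicyResponseDto in the spec above.
REQUIRED = ("id name description status content frequency department "
            "isRequiredToSign signedBy reviewDate isArchived archivedAt "
            "createdAt updatedAt lastArchivedAt lastPublishedAt organizationId "
            "assigneeId approverId policyTemplateId").split()
STATUSES = ("draft", "published", "needs_review")
FREQUENCIES = ("monthly", "quarterly", "yearly", None)  # frequency is nullable
DATE_FIELDS = [k for k in REQUIRED if k.endswith(("At", "Date"))]
# Sample input: the 200 example from the spec, reproduced here.
SAMPLE = {"id": "pol_abc123def456", "name": "Data Privacy Policy",
          "status": "draft", "isRequiredToSign": True, "signedBy": [],
          "content": [{"type": "paragraph",
                       "content": [{"type": "text", "text": "..."}]}],
          "createdAt": "2024-01-01T00:00:00.000Z",
          "updatedAt": "2024-01-15T00:00:00.000Z",
          "organizationId": "org_abc123def456"}

def tiptap_text(nodes):
    """Flatten TipTap nodes to plain text, one line per top-level node."""
    def walk(node):
        if not isinstance(node, dict):  # items allow additionalProperties
            return ""
        own = node.get("text") if node.get("type") == "text" else ""
        own = own if isinstance(own, str) else ""
        kids = node.get("content") if isinstance(node.get("content"), list) else []
        return own + "".join(walk(child) for child in kids)
    return "\n".join(walk(n) for n in nodes)

def check_policy(body, expected_org_id):
    """Return a list of problems; an empty list means the body passed."""
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    problems = [f"missing field: {k}" for k in REQUIRED if k not in body]
    checks = [
        (body.get("status") in STATUSES, "unexpected status"),
        (body.get("frequency") in FREQUENCIES, "unexpected frequency"),
        (isinstance(body.get("content"), list), "content is not an array"),
        (body.get("organizationId") == expected_org_id, "organizationId mismatch"),
    ]
    problems += [msg for ok, msg in checks if not ok]
    for k in DATE_FIELDS:
        if body.get(k) is not None:  # nullable dates are skipped
            try:
                datetime.fromisoformat(body[k].replace("Z", "+00:00"))
            except (AttributeError, ValueError):
                problems.append(f"{k} is not an ISO 8601 timestamp")
    return problems
```

Run against the spec's own 200 example, the check reports 11 missing required fields, so a strict schema validator would reject that example as written.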