How Drata + AssuranceLab continuous audit works
OVERVIEW
Continuous audit progressively completes your audits over the industry-standard 12-month reporting cycle. In contrast to traditional audits conducted at the end of the period:
- You get feedback when it's relevant;
- Increased confidence your compliance is on track year-round; and
- It proves your compliance has been maintained, with clear audit progress for your customers' peace of mind.
It also reduces the disruption of audits, speeds up reporting when period end rolls around, and has inherent efficiencies where audits are put on autopilot with your continuous monitoring in Drata.
CONTINUOUS AUDIT PLAN
Initial setup: Create your audit package and ensure we have auditor read-only access to your environment. Go to Audit Hub, create an audit and select the applicable date range. Here's more on how to do this.
Monthly topical focus: About 30% of your controls are based on periodic reviews and event-driven sample testing. We've aligned a calendar of topical focus areas to complete these areas so you know exactly what's required, and we can provide feedback as the controls are performed.
Remaining controls: Your remaining controls are on autopilot. They are continuously monitored, or otherwise documented in Drata. We will progressively work through these items in the background during the audit period, and just let you know if there are any issues with them. All you need to do is maintain oversight of those controls: if tests fail, evidence expires, or other alerts are raised by Drata for the scope of Drata Starter controls, address those accordingly.
Month | Controls |
January: Risk and Controls | Risk Assessments; Controls Assessments |
February: Employees | New joiners; Current employees |
March: Vulnerabilities and Vendors | Vulnerabilities; Vendors |
April: Access and Assets | Access Control; Asset Management |
May: Incidents and Changes | Incidents; Changes |
June: Governance & BCDR Tests | Board/Management; Business Continuity and Disaster Recovery |
July: Risk and Controls | As above in January. |
August: Employees | As above in February. |
September: Vulnerabilities and Vendors | As above in March. |
October: Access and Assets | As above in April. |
November: Incidents and Changes | As above in May. |
December: Board & BCDR Tests | As above in June. |