Control scoping in Drata

Selecting the right controls in Drata to achieve compliance

Drata's starting position is to include more than 200 controls that support your SOC 2 compliance. Not all of these are required, which gives you some optionality to reduce your scope and narrow your focus accordingly.

The easiest way to narrow your focus is to follow our Drata Starter framework: Drata Starter controls list.

Note: The list has two tabs: Included Controls, and Controls to Descope.

De-Scope Controls

You can de-scope the controls that aren't necessary and aren't implemented. You may choose to keep some of these; doing so won't impact your SOC 2 audit with AssuranceLab. Once you have a list of selected controls, assign control owners to all of them to track your internal control responsibilities.

You can de-scope controls on the Controls page in Drata, either by clicking into a control and selecting "De-scope" in the top right corner of the window, or by selecting multiple controls together and selecting "Mark Out of Scope" at the top of the control list menu.

Assign Control Owners

The purpose of assigning control owners is to track internal control responsibilities. This demonstrates your governance over your compliance activities, and in practice helps ensure the controls are monitored and maintained effectively. You can click into each control to add a control owner, or select multiple controls together in the Controls view and use "Add/Remove Control Owners" to assign them in bulk.

Check that every control has an owner by using the "No Owners Assigned" filter on the left-hand side and confirming that no controls remain unassigned.