Drata tailored: step-by-step guide

Table of contents

Step 1: ISO 27001 Scoping Launchpad

Step 2: Pillar Readiness Assessment

Step 3: Create audit package

Step 4: Provide AssuranceLab auditor access

Step 5: Tell us about your systems


Step 1: ISO 27001 Scoping Launchpad

The first step of your ISO 27001 journey with AssuranceLab is to complete the ISO 27001 scoping launchpad.

The purpose of this app is to start your ISO 27001 certification journey with a tailored audit plan covering the end-to-end three-year certification cycle!

If you'd like the help of an external consultant or a similar adviser, you can find one on our Partner Page!


Step 2: Pillar Readiness Assessment

The next step of your ISO journey with AssuranceLab is to complete the Pillar Readiness Assessment. When you enter Pillar, head over to the assessments page and choose:

  • ISO 27001: ISMS (these are your ISO 27001 clauses)
  • ISO 27001: 2022 (these are your Annex A Controls)

Once completed, your auditors will organise your custom framework import for Drata and you’re on your way to certification through stage 1 and 2!


Step 3: Create Audit Package

Once your custom import has been organised into Drata, it’s now time to create your audit package!

Go to the Audit Hub section of Drata on the left side menu. Click “Create Audit” on the right side of the screen. Select the relevant framework (e.g. “ISO 27001”) and select the date range of your ISO audit.

Note: Please ensure the date range starts in the past and continues beyond the time period we'll be working through the audit. It can be changed later, but this ensures all required evidence is available.


Note: It’s key to select a date range rather than a single date. A single date means we will only be able to receive test evidence for that date.


Step 4: Provide AssuranceLab auditor access

Now that you’ve created your Drata Starter Audit, click “Open Audit”. Click the “+” on the right of the “Auditors” box to create a new auditor or select an existing auditor profile. To create a new auditor, add the details of the three audit team personnel listed below, and for each of them toggle on “Read only access to the entire app” and “Download for Controls, Tests and Requirements”. For existing profiles, select the auditor name in the “Previous auditors” drop-down menu and click “Confirm”.


Note: If you have any concerns with this access, get in touch with us. The purpose of this access is to support you through the process.

AssuranceLab Team

Please add your assigned audit team members only to your Drata instance and the audit package. Your audit team will typically be assigned 

Note: Most of our team use our PillarGRC email domain, because our own Drata instance is registered under Assurancelab.com.au. PillarGRC is our audit platform domain.


Step 5: Tell us about your systems!

An important part of the audit process is ensuring the right scope has been set and is sufficiently covered throughout the audit testing. To simplify this, we've developed a scoping checklist that summarises the 'what, how and who' of your system. Complete it and share it with your auditors via email.

System Scoping Checklist