Drata ISO 27001: step-by-step guide

Table of contents 

Step 1: ISO 27001 Scoping Launchpad

Step 2: Create Audit Package

Step 3: Provide AssuranceLab Auditor Access

Step 4: Tell us about your systems


Step 1: ISO 27001 Scoping Launchpad

The first step of your ISO 27001 journey with AssuranceLab is to complete the ISO 27001 scoping launchpad.

The purpose of this app is to start your ISO 27001 certification journey with a tailored audit plan covering the end-to-end three-year certification cycle.

If you're keen to get the help of an external consultant or a similar service, these can be found on our Partner Page.


Step 2: Create Audit Package

Once your custom import has been organised in Drata, it's time to create your audit package.

Go to the Audit Hub section of Drata on the left side menu. Click “Create Audit” on the right side of the screen. Select the relevant framework (e.g. “ISO 27001”) and select the date range of your ISO audit.

Note: Please ensure the date range starts in the past and continues beyond the time period we'll be working through the audit. It can be changed later, but this ensures all required evidence is available.

Screenshot: Create audit package

Note: It’s key to select a date range rather than a single date. A single date means we will only be able to receive test evidence for that date.


Step 3: Provide AssuranceLab Auditor Access

Now that you've created your Drata Starter Audit, click "Open Audit". Click the "+" on the right of the "Auditors" box to create a new auditor or select an existing auditor profile. To create a new auditor, add the details of the three audit team members listed below and, for each of them, toggle on "Read only access to the entire app" and "Download for Controls, Tests and Requirements". For existing profiles, select the auditor name in the "Previous auditors" drop-down menu and click "Confirm".

Screenshot: Provide AL access (1)

Screenshot: Provide AL access (2)

Note: If you have any concerns about this access, get in touch with us. The access is read-only and exists solely to support you through the audit process.

AssuranceLab Team

Please add your assigned audit team members only to your Drata instance and the audit package. Your audit team will typically be assigned 

Note: Most of our team use the PillarGRC email domain, because AssuranceLab has its own Drata instance under Assurancelab.com.au. PillarGRC is our audit platform domain.


Step 4: Tell us about your systems

An important part of the audit process is ensuring that the right scope has been set and is sufficiently covered throughout the audit testing. To simplify this, we've developed a scoping checklist that summarises the 'what, how and who' of your system. Complete it and share it with your auditors via email.

System Scoping Checklist