Drata
Specific guidance related to using the Drata platform for your security and compliance.
Best Practices Series
Our Best Practices Series is about finding harmony between your compliance goals and fit-for-purpose business practices.
Consumer Data Right Guides
Our CDR guides summarise the security and compliance activities required to become an Accredited Data Recipient.
Control Environment
The control environment includes the governance activities that support effective onboarding, human resources, and company and team management.
Information and Communication
Information and Communication covers the systems, processes and activities that ensure information is effectively communicated.
Risk Management
Risk Management is how risks and opportunities are identified, assessed, treated, monitored and reported to support the company objectives.
Vendor Management
Vendor management refers to the risk management of third-party service providers that support critical functions and handle sensitive data.
System Security
System Security is the protection of system assets and data to ensure they are only accessed by authorised personnel.
System Operations
System Operations is the monitoring, backup, resilience and recovery practices that support the availability and integrity objectives of the systems.
Change Management
Change Management includes the lifecycle of system development for the critical infrastructure and software.
Confidentiality
Confidentiality refers to how information is classified, handled and secured to ensure it is only accessed by authorised parties.
Privacy
Privacy refers to protecting personal data that identifies individuals, in compliance with the privacy rights of those individuals.