QuickStart Guide

Get started with Drata + AssuranceLab in 15 minutes

Drata + AssuranceLab: QuickStart Guide


Table of Contents

  • Step 1: Getting into your Drata Tenant
  • Step 2: Connecting your systems
  • Step 3: Uploading your AssuranceLab Framework CSV via Custom Frameworks
  • Step 4: Create Audit Package
  • Step 5: Provide AssuranceLab Auditor Access
  • Step 6: Tell us about your systems 


Step 1: Getting into your Drata Tenant

Visit app.drata.com, enter the email address you provided. You will then receive the following notification (on right) to check the email inbox of the email you just entered.

Note: This email should be have the same domain as your

organization/company. (Eg. org name is “wowindustries”. Email is “person@wowindustries.org”) It should not be a personal email address.


Step 1.1: Log in to your email account in the same browser that you provided in Step 1 and click on the email from Drata.

Note: check your spam inbox in case you did not receive the email in your inbox. If this does not work, retry inputting your email in Step 1 again.


Click the link “Get Started”, as shown below. You will then be redirected to your Drata dashboard.

Step 2: Connecting your systems

Begin with the Quick Start at the top left corner. This will guide you through making your first connections to Drata.



Step 2.1: You will want to begin with Identity Provider connections (you can continue with other connections, but this is a good place to start in order to get sign-on working for other users). Connections are API connections that utilize the principle of least privilege to only view configuration data for attestation/evidence collection in the audit process.

For detailed instructions of supported connections click the Question Mark in the top right corner

From the Help Center, search through instructions on any connections you wish to make.

Help Center


Follow the instructions for the appropriate Connection.

Note: For any connection you’re making, you will need to involve or have Administrator credentials for that account. Please involve any IT/Admin/stakeholder/application owner in this process as necessary to make these connections.


Connections can also take some time, depending on the size of the organization and the Identity Provider you are using. Please allow up to 10 minutes for connections to initialize and complete.


Role Admin

Step 2.2: Once you have brought in employees via Identity connections, it’s a good idea to set up some other admins beyond yourself. You will then want to invite oth

er admins in your organization who will be driving the software, making connections, and/or evaluating the system.

Under your name, click on the org name (in this case, it’s “Acme Company”) and then select “Role Administration”.

From here you will be able to select employees brought in from your Identity Provider to be Drata Account Administrators. They will also follow Step 1 to gain access.


There are three types of Privileged Roles in Drata:

  • Account Administrators: These users have read and edit rights to everything across the account.
  • Tech Governance Team (Information Security Engineers): these users have all of the same rights and access as Account Administrators EXCEPT for access to the Role Administration page. They cannot set other Admin rights
  • Risk Manager: These users have access to a suite of risk management tools that let them build a risk register, score risks, assign risk owners, and complete other tasks related to threat-based risks.


Step 3: Uploading your AssuranceLab Framework CSV via Custom Frameworks

Since you will be using a subset of the Drata controls, we will upload a custom Framework, using the .csv file below:

Drata Starter - SOC 2 Framework (Security, Availability and Confidentiality)

If you have an audit with Privacy and/or Processing Integrity, contact your auditor for the framework.


Step 3.1: Click on “Frameworks” and then “Create new Custom Framework” - button on the top right of the Frameworks page. Enter details including Name and a Short name (used for filters on the Controls page).


Name: Drata Starter

Short Name: Drata Starter

Description: The Drata Starter playbook is the MVP of compliance that provides a clear, simple, and fast path to achieving SOC by leveraging maximum automation from Drata.


Custom framework

You will then upload your .csv file (do not click “download template”, AssuranceLab has done this for you). Once you have confirmed the upload you will see the following screen:


If you get the following error, it is because you have descoped a control. Please add those controls back into scope (you can do this from the Controls page in Drata) and upload the framework again. If you believe those controls are truly not applicable for you, you can descope them again. Please ensure you provide comments in Drata on the rationale for descoping. As your auditor, we will need to review this rationale and may need to discuss further with you. 


Step 4: Create Audit Package

Go to the Audit Hub section of Drata on the left side menu. Click “Create Audit” on the right side of the screen. Select the relevant framework (e.g. “Drata Starter”) and select the date range of your SOC audit.

Note: Please ensure the date range starts in the past and continues beyond the time period we'll be working through the audit. It can be changed later, but this ensures all required evidence is available.


Create audit package

Note: It’s key to select a date range rather than a single date. A single date means we will only be able to receive test evidence for that date.


Step 5: Provide AssuranceLab Auditor Access

Now that you’ve created your Drata Starter Audit, click “Open Audit”. Click the “+” in the right of the “Auditors” box to create a new auditor or select an existing auditor profile. To create a new auditor, add the three personnel’s details below for our audit team and toggle on “Read only access to the entire app” and “Download for Controls, Tests and Requirements” for each of those. For existing profiles, select the auditor name in the “Previous auditors” drop down menu and click “Confirm”.

Provide AL Access

Provide AL access 2

Note: If you have any concerns with this access, get in touch with us. The purpose of this access is to support you through the process.


AssuranceLab Team

Please add your assigned audit team members only to your Drata instance and the audit package. Your audit team will typically be assigned 


Note: Our PillarGRC email domain is used for most of our team as we have our own Drata instance with Assurancelab.com.au. PillarGRC is our audit platform domain.

First Name Last Name Email Firm Name
Paul Wenham paul@pillargrc.com AssuranceLab
Davor Lovric davor@pillargrc.com
Lachlan Pound lachlan@pillargrc.com
Claire Mcinally claire.mcinally@assurancelab.cpa
Joel Ferguson joel.ferguson@assurancelab.cpa
Thomas Faithfull thomas.faithfull@assurancelab.cpa
Jesse Britto jesse.britto@assurancelab.cpa
Carlos Vargas carlos.vargas@assurancelab.cpa
Jessica Murphy jessica.murphy@assurancelab.cpa
Aaron Bennett aaron.bennett@assurancelab.cpa
Dara O'Sullivan dara.osullivan@assurancelab.cpa
Patrick O'Keeffe patrick.o@assurancelab.cpa
Kyle Ferguson kyle@assurancelab.cpa
Vlora Ramadani vlora.ramadani@assurancelab.cpa

Step 6: Complete your System Description

The System Description serves two main purposes:

a) It forms the basis of your final SOC 2 report.

b) By completing it early, it ensures your auditor knows which systems to test and what is in scope for your engagement.


Completing it is a prerequisite to testing. It takes about ~10 minutes to complete.

Please click the appropriate link below to get started:

Drata Starter SOC 2 Audit: Click here and use the access code "MzXERyDF28"

Drata Starter SOC 2 + HIPPA and/or GDPR: Click here and use the access code "t8gKSNVxjD"

The link will lead you to Policy Tree after completing the System Description. Policy Tree is an optional exercise which generates tailored policies for your business. If you already have policies, you do not need to complete Policy Tree.