Drata Starter Quick Start Guide

Get Audit Ready in 5 Steps with Sensiba

Connecting your Key Systems

Start with the Quick Start button in the top left corner of Drata — this walks you through your first connections.

Systems to connect:

  • Cloud Providers

  • Identity Providers (IDP)

  • Version Control (GitHub, GitLab, Bitbucket, etc.)

  • HRIS (Human Resource Information Systems)

  • Datastores

  • Mobile Device Management (MDM)

👉 In-scope = production systems, sensitive information, or user data
👉 Out-of-scope = test, sandbox, or non-production systems

Connections use the principle of least privilege — Drata only pulls configuration data needed for evidence.

💡 Tip: You’ll need admin credentials for each system. Loop in IT, app owners, or stakeholders as needed.
📖 For step-by-step instructions, view more about the Quick Start in Drata here.

Get Your Drata Instance Audit-Ready

Beyond your initial connections and system description, there are a few key areas in Drata that help ensure you’re truly audit ready. Taking the time to configure these properly now will save time later.

Focus areas to review in Drata:

  • Personnel in scope: Confirm all employees who should be part of the audit are added — and that only relevant people are included. (For example, contractors are generally excluded unless they have access to critical systems.)

  • Policy management: Upload your required policies, assign them to the right staff, and track acknowledgements.

    • We also offer a Policy Generator (PolicyTree) that creates robust, tailor-fit policies aligned with your controls. This is optional — you can use Drata’s policies instead — but if you choose PolicyTree, you’ll need to upload those policies into Drata. You can create them here.

  • Risk management: Document your risks, define mitigation plans, and assign ownership — especially for critical or high risks.

  • Vendor management: Add your critical vendors, assign risk ratings, and complete reviews for those rated high or critical.

  • Monitoring tests: Configure key monitoring checks so controls are continuously validated within Drata.


📖 For a detailed step-by-step walkthrough, check out Drata’s SOC 2 Checklist.

💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.

Scoping your Controls

Drata comes with a broad set of default controls, but you don’t need all of them for your audit.

  • Your audit with us only requires a subset of controls.

  • The Drata Starter Framework includes 63 controls, each with guidance, tips, and examples.

  • You can safely descope/exclude any controls that aren’t relevant to your audit, as per our control listing provided below.

📖 Download and View the full list here

💡 Tip: Focus on quality over quantity — only keep controls that truly apply to your environment.

Create Audit Package

Set up your audit so we can join you in Drata.

  1. Go to the Audit Hub tab → select Create Audit

  2. Enter your audit details:

    • Audit type (e.g. SOC 2)

    • Audit period → use past dates up to the current date.

      • If you're unsure, don't worry! We can always adjust the dates for you at a later stage.

  3. Add your auditors from the dropdown or by inviting new ones

📖 Learn more about audit periods here

 

Provide Sensiba Auditor Access

Once your audit is created, give our team access:

  1. Go to Audit Hub → Open Audit

  2. Select the edit icon under Assigned auditors.

  3. Add our audit team address: drata@drata.assurancelab.cpa

    • This ensures we can start supporting you right away

  4. Toggle on:

    • Read only access

    • Download for Controls, Tests and Requirements

💡 Note: Your dedicated audit team member will be assigned after your Kick-Off call. They’ll let you know when to add their individual account.

Complete your System Description

This is a key step for your audit:

  • It forms the basis of your final SOC 2 report

  • It tells your auditor exactly which systems are in scope

You can complete it by following the instructions linked here.

💡 Tip: Do this early to give your auditor full context from the start.

Need Help?

We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.