Get Audit Ready in 5 Steps with Sensiba
Connecting your Key Systems
Start with the Quick Start button in the top left corner of Drata — this walks you through your first connections.
Systems to connect:
- Cloud Providers
- Identity Providers (IDP)
- Version Control (GitHub, GitLab, Bitbucket, etc.)
- HRIS (Human Resource Information Systems)
- Datastores
- Mobile Device Management (MDM)
👉 In-scope = production systems, sensitive information, or user data
👉 Out-of-scope = test, sandbox, or non-production systems
Connections use the principle of least privilege — Drata only pulls configuration data needed for evidence.
💡 Tip: You’ll need admin credentials for each system. Loop in IT, app owners, or stakeholders as needed.
📖 For step-by-step instructions, view more about the Quick Start in Drata here.
Get Your Drata Instance Audit-Ready
Beyond your initial connections and system description, there are a few key areas in Drata that help ensure you’re truly audit ready. Taking the time to configure these properly now will save time later.
Focus areas to review in Drata:
- Personnel in scope: Confirm all employees who should be part of the audit are added — and that only relevant people are included. (For example, contractors are generally excluded unless they have access to critical systems.)
- Policy management: Upload your required policies, assign them to the right staff, and track acknowledgements.
  - We also offer a Policy Generator (PolicyTree) that creates robust, tailor-fit policies aligned with your controls. This is optional — you can use Drata’s policies instead — but if you choose PolicyTree, you’ll need to upload those policies into Drata. You can create them here.
- Risk management: Document your risks, define mitigation plans, and assign ownership — especially for critical or high risks.
- Vendor management: Add your critical vendors, assign risk ratings, and complete reviews for those rated high or critical.
- Monitoring tests: Configure key monitoring checks so controls are continuously validated within Drata.
📖 For a detailed step-by-step walkthrough, check out Drata’s SOC 2 Checklist.
💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.
Scoping your Controls
Drata comes with a broad set of default controls, but you don’t need all of them for your audit.
- Your audit with us only requires a subset of controls.
- The Drata Starter Framework includes 63 controls, each with guidance, tips, and examples.
- You can safely descope/exclude any controls that aren’t relevant to your audit, as per our control listing provided below.
📖 Download and View the full list here
💡 Tip: Focus on quality over quantity — only keep controls that truly apply to your environment.
Create Audit Package
Set up your audit so we can join you in Drata.
- Go to the Audit Hub tab → select Create Audit
- Enter your audit details:
  - Audit type (e.g. SOC 2)
  - Audit period → use past dates up to the current date.
    - If you're unsure, don't worry! We can always adjust the dates for you at a later stage.
- Add your auditors from the dropdown or by inviting new ones
📖 Learn more about audit periods here
Provide Sensiba Auditor Access
Once your audit is created, give our team access:
1. Go to Audit Hub → Open Audit
2. Select the edit icon under Assigned auditors.
3. Add our audit team address: drata@drata.assurancelab.cpa
   - This ensures we can start supporting you right away
   - Read-only access
   - Download for Controls, Tests and Requirements
💡 Note: Your dedicated audit team member will be assigned after your Kick-Off call. They’ll let you know when to add their individual account.
Complete your System Description
This is a key step for your audit:
- It forms the basis of your final SOC 2 report
- It tells your auditor exactly which systems are in scope
You can complete it by following the instructions linked here.
💡 Tip: Do this early to give your auditor full context from the start.
Need Help?
We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.