QuickStart Guide

Get started with Drata + AssuranceLab in 15 minutes

Drata + AssuranceLab: QuickStart Guide

 

Table of Contents

  • Step 1: Getting into your Drata Tenant
  • Step 2: Connecting your systems
  • Step 3: Uploading your AssuranceLab Framework CSV via Custom Frameworks
  • Step 4: Create Audit Package
  • Step 5: Provide AssuranceLab Auditor Access
  • Step 6: Tell us about your systems 

 

Step 1: Getting into your Drata Tenant

Visit app.drata.com and enter the email address you provided. You will then see the following notification (on right), asking you to check the inbox of the email address you just entered.

Note: This email should have the same domain as your organization/company (e.g. the org name is “wowindustries” and the email is “person@wowindustries.org”). It should not be a personal email address.

 

Step 1.1: In the same browser, log in to the email account you provided in Step 1 and click on the email from Drata.


Note: Check your spam folder if the email did not arrive in your inbox. If this does not work, enter your email again as in Step 1.

 

Click the link “Get Started”, as shown below. You will then be redirected to your Drata dashboard.

Step 2: Connecting your systems

Begin with the Quick Start at the top left corner. This will guide you through making your first connections to Drata.

Integrations

 

Step 2.1: Begin with Identity Provider connections (you can continue with other connections, but this is a good place to start in order to get sign-on working for other users). Connections are API connections that follow the principle of least privilege: they only view configuration data, for attestation/evidence collection in the audit process.

For detailed instructions on supported connections, click the Question Mark in the top right corner.

From the Help Center, search through instructions on any connections you wish to make.

Help Center

 

Follow the instructions for the appropriate Connection.

Note: For any connection you’re making, you will need to involve or have Administrator credentials for that account. Please involve any IT/Admin/stakeholder/application owner in this process as necessary to make these connections.

 

Connections can also take some time, depending on the size of the organization and the Identity Provider you are using. Please allow up to 10 minutes for connections to initialize and complete.

 

Role Admin

Step 2.2: Once you have brought in employees via Identity connections, it’s a good idea to set up some other admins beyond yourself. You will then want to invite other admins in your organization who will be driving the software, making connections, and/or evaluating the system.

Under your name, click on the org name (in this case, it’s “Acme Company”) and then select “Role Administration”.

From here you will be able to select employees brought in from your Identity Provider to be Drata Account Administrators. They will also follow Step 1 to gain access.

 

There are three types of Privileged Roles in Drata:

  • Account Administrators: These users have read and edit rights to everything across the account.
  • Tech Governance Team (Information Security Engineers): These users have all of the same rights and access as Account Administrators EXCEPT for access to the Role Administration page. They cannot set other Admin rights.
  • Risk Manager: These users have access to a suite of risk management tools that let them build a risk register, score risks, assign risk owners, and complete other tasks related to threat-based risks.

 

Step 3: Uploading your AssuranceLab Framework CSV via Custom Frameworks

Since you will be using a subset of the Drata controls, we will upload a custom Framework, using the .csv file that AssuranceLab has provided.

 

Step 3.1: Click on “Frameworks” and then the “Create new Custom Framework” button at the top right of the Frameworks page. Enter details including Name and a Short name (used for filters on the Controls page).

 

Name: Drata Starter

Short Name: Drata Starter

Description: The Drata Starter playbook is the MVP of compliance that provides a clear, simple, and fast path to achieving SOC by leveraging maximum automation from Drata.

 

Custom framework

You will then upload your .csv file (do not click “download template”; AssuranceLab has done this for you). Once you have confirmed the upload, you will see the following screen:

 

If you get the following error, it is because you have descoped a control. Please add those controls back into scope (you can do this from the Controls page in Drata) and upload the framework again. If you believe those controls are truly not applicable for you, you can descope them again. Please ensure you provide comments in Drata on the rationale for descoping. As your auditor, we will need to review this rationale and may need to discuss further with you. 


Step 4: Create Audit Package

Go to the Audit Hub section of Drata on the left side menu. Click “Create Audit” on the right side of the screen. Select the relevant framework (e.g. “Drata Starter”) and select the date range of your SOC audit.

Note: Please ensure the date range starts in the past and continues beyond the time period we'll be working through the audit. It can be changed later, but this ensures all required evidence is available.

 

Create audit package

Note: It’s key to select a date range rather than a single date. A single date means we will only be able to receive test evidence for that date.

 

Step 5: Provide AssuranceLab Auditor Access

Now that you’ve created your Drata Starter Audit, click “Open Audit”. Click the “+” on the right of the “Auditors” box to create a new auditor or select an existing auditor profile. To create a new auditor, add the details below for the three personnel on our audit team and toggle on “Read only access to the entire app” and “Download for Controls, Tests and Requirements” for each of them. For existing profiles, select the auditor name in the “Previous auditors” drop-down menu and click “Confirm”.


Note: If you have any concerns with this access, get in touch with us. The purpose of this access is to support you through the process.

 

AssuranceLab Team

Please add only your assigned audit team members to your Drata instance and the audit package. Your audit team will typically be assigned

 

Note: Our PillarGRC email domain is used for most of our team as we have our own Drata instance with Assurancelab.com.au. PillarGRC is our audit platform domain.

| First Name | Last Name | Email | Firm Name |
|---|---|---|---|
| Paul | Wenham | paul@pillargrc.com | AssuranceLab |
| Davor | Lovric | davor@pillargrc.com | |
| Lachlan | Pound | lachlan@pillargrc.com | |
| Claire | Mcinally | claire.mcinally@assurancelab.cpa | |
| Joel | Ferguson | joel.ferguson@assurancelab.cpa | |
| Thomas | Faithfull | thomas.faithfull@assurancelab.cpa | |
| Jesse | Britto | jesse.britto@assurancelab.cpa | |
| Carlos | Vargas | carlos.vargas@assurancelab.cpa | |
| Jessica | Murphy | jessica.murphy@assurancelab.cpa | |
| Aaron | Bennett | aaron.bennett@assurancelab.cpa | |
| Dara | O'Sullivan | dara.osullivan@assurancelab.cpa | |
| Patrick | O'Keeffe | patrick.o@assurancelab.cpa | |
| Kyle | Ferguson | kyle@assurancelab.cpa | |
| Vlora | Ramadani | vlora.ramadani@assurancelab.cpa | |

Step 6: Tell us about your systems

An important part of the audit process is ensuring the right scope has been set and sufficiently covered throughout the audit testing. To simplify this, we've developed the scoping checklist that summarises the 'what, how and who' of your system. This is to be completed and shared with your auditors (e.g. an email to Paul and Cherica). 

System Scoping Checklist