
Drata SOC 2 Type 1 Quick Start Guide

Get Audit Ready in 5 Steps with Sensiba

This guide will help you fast-track your audit readiness and ensure you're fully prepared for success.

    1. Connecting your Key Systems

    Begin your compliance journey using Drata's Quick Start button in the top left corner—it streamlines your initial system connections.

    Essential System Integrations

    • Cloud Providers (AWS, Azure, GCP)
    • Databases (PostgreSQL, MySQL, MongoDB)
    • Version Control (GitHub, GitLab, Bitbucket)
    • Identity Providers (Microsoft, Okta, Azure AD, Google Workspace)
    • Mobile Device Management (Jamf, Kandji, Intune)

    ✅ In-scope: Production systems, databases containing sensitive data, and any infrastructure processing customer information

    ❌ Out-of-scope: Development, testing, and sandbox environments (provided they hold no production or customer data; an environment seeded with a copy of production data is in scope)


    💡 Pro Tip: Coordinate with your IT team early—you'll need admin-level access for each integration. Identify system owners and schedule connection sessions to avoid delays.

    📖 For detailed integration instructions, refer to Drata's Quick Start documentation.


    2. Scoping your Controls

    Drata comes with a broad set of default controls, but you don't need all of them for your audit.

    • Your audit with us only requires a subset of controls.
    • Roughly 50 controls map to the Security, Availability, and Confidentiality Trust Services Criteria. Processing Integrity and Privacy controls are included in the framework, but they are not tested by default.
    • You can safely exclude (descope) any controls that aren't relevant to your audit; use the control listing linked below as the reference.

    💡 Helpful Resource: Watch Understanding Drata Controls to learn how to easily scope in the relevant controls.

    For organizations using Drata before May 7, 2024:
    📖 Download Sensiba SOC 2 Control Framework

    For organizations using Drata after May 7, 2024:
    📖 Download Sensiba SOC 2 Control Framework

    📖 Not sure which version applies? Review Drata's framework update guide for clarification.



    3. Audit Package

    Set up your audit in Drata and add our audit team to get started.

    Create your Audit

    1. Navigate to the Audit Hub tab and select Create Audit

    2. Configure your audit parameters:

        • Audit type: SOC 2 Type 1 (this guide) or Type 2
        • Audit period: Select your observation timeframe. For a Type 1 this is the point-in-time "as of" date on which control design is evaluated; for a Type 2 it is the observation window. Dates can be adjusted later if needed.

    3. Invite auditors using the dropdown menu or send new invitations as needed


    Grant Sensiba Auditor Access

    Once your audit is created, provide access to enable immediate support:

      1. Navigate to Audit Hub → Open Audit

      2. Select the edit icon under Assigned Auditors.


      3. Add your auditors.

      4. Enable the following permissions for all auditors:

      • Read-only access

      • Download permission for Controls, Tests and Requirements

      Read-only plus download is all the audit team needs; do not grant auditors edit or admin roles in your Drata workspace.

      💡 Note: Your dedicated Lead Auditor will be formally assigned following your kick-off call.

      💡 Need a step-by-step? Watch the Drata Audit Hub Overview for a walkthrough of the setup process.


      4. Complete your System Description

      Your system description defines the boundaries of your audit and forms the basis of your final SOC 2 report. It tells your auditor exactly which systems are in scope.

      Follow our System Description Guide for step-by-step instructions. It should only take 10-15 minutes!

      💡 Best Practice: Complete this early to give your auditor full context from the start.


      5. Configure your Compliance Foundation

      For Type 1 Audits: Start with the Essentials

      Now that your systems are connected, it's time to build the operational backbone of your compliance program.

      Type 1 audits evaluate whether your controls are properly designed at a specific point in time. Focus on these four foundational areas:

      • Personnel – Add all employees within your audit scope. Include contractors only if they have privileged access to critical systems or sensitive data.
      • Policies – Upload and assign your security policies, then track employee acknowledgments. You can use Drata's pre-built templates or create custom policies through our Policy Tree tool.
      • Automated Monitoring – Turn on automated testing for your most critical controls to maintain continuous visibility into your compliance posture, and remediate failing tests before your "as of" date so the auditor sees the controls operating as designed.
      • Drata Agent – Install the Drata Agent for all applicable personnel to track device compliance (e.g., disk encryption, antivirus).

      These items represent the minimum required to get your Type 1 audit underway. Once you've completed the above, reach out to your CSM to kick off your audit.

      Strengthen Your Foundation
      • Risk Management – Identify and document organizational risks, assign ownership, and create mitigation plans. Focus on high and critical risks first. See our Risk Assessment Guide for step-by-step instructions.
      • Vendor Management – Build your vendor register, classify vendors by risk level, and review security documentation for high-risk third parties.

      💡 Pro tip: The stronger these foundational areas are from day one, the faster and smoother your audit will run.

      💡 Learn at your own pace: Explore Drata's comprehensive video training library to master the platform and build audit readiness.

      Ready for Type 2?

      SOC 2 Type 2 audits require continuous evidence of control effectiveness over time. Refer to our dedicated Type 2 Quick Start Guide for detailed preparation requirements.

      📖 Type 2 Preparation: Review Drata's SOC 2 Checklist for a comprehensive overview of Type 2 evidence requirements and timeline considerations.


      Need Support?

      Our team is here to guide you through every step of your compliance journey. We cannot wait to work with you!

      Need Help? Contact us at csplatform@sensiba.com.

      Schedule a Kick-Off Call: Book a time with a member of our Customer Success Team here.