Drata
      Back to home
      1. AssuranceLab, a Sensiba Company
      2. Drata

      Drata Starter Quick Start Guide

      Get Audit Ready in 5 Steps with Sensiba

      Connecting your Key Systems

      Start with the Quick Start button in the top left corner of Drata — this walks you through your first connections.

      Systems to connect:

      • Cloud Providers

      • Identity Providers (IDP)

      • Version Control (GitHub, GitLab, Bitbucket, etc.)

      • HRIS (Human Resource Information Systems)

      • Datastores

      • Mobile Device Management (MDM)

      👉 In-scope = production systems, sensitive information, or user data
      👉 Out-of-scope = test, sandbox, or non-production systems

      Connections use the principle of least privilege — Drata only pulls configuration data needed for evidence.

      💡 Tip: You’ll need admin credentials for each system. Loop in IT, app owners, or stakeholders as needed.
      📖 For step-by-step instructions, view more about the Quick Start in Drata here.

      Get Your Drata Instance Audit-Ready

      Beyond your initial connections and system description, there are a few key areas in Drata that help ensure you’re truly audit ready. Taking the time to configure these properly now will save time later.

      Focus areas to review in Drata:

      • Personnel in scope: Confirm all employees who should be part of the audit are added — and that only relevant people are included. (For example, contractors are generally excluded unless they have access to critical systems.)

      • Policy management: Upload your required policies, assign them to the right staff, and track acknowledgements.

        • We also offer a Policy Generator (PolicyTree) that creates robust, tailor-fit policies aligned with your controls. This is optional — you can use Drata’s policies instead — but if you choose PolicyTree, you’ll need to upload those policies into Drata. You can create them here.

      • Risk management: Document your risks, define mitigation plans, and assign ownership — especially for critical or high risks.

      • Vendor management: Add your critical vendors, assign risk ratings, and complete reviews for those rated high or critical.

      • Monitoring tests: Configure key monitoring checks so controls are continuously validated within Drata.


      📖 For a detailed step-by-step walkthrough, check out Drata’s SOC 2 Checklist.

      💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.

      Scoping your Controls

      Drata comes with a broad set of default controls, but you don’t need all of them for your audit.

      • Your audit with us only requires a subset of controls.

      • There are approximately 50 controls relevant for Security, Availability, and Confidentiality Trust Service Criteria. We've included Processing Integrity & Privacy, however these are not tested by default.

      • You can safely descope/exclude any controls that aren’t relevant to your audit, as per our control listing provided below.

      📖 Download and View the full list here

      💡 Tip: Focus on quality over quantity — only keep controls that truly apply to your environment.

      Create Audit Package

      Set up your audit so we can join you in Drata.

      1. Go to the Audit Hub tab → select Create Audit

      2. Enter your audit details:

        • Audit type (e.g. SOC 2)

        • Audit period → use past dates up to the current date. 

          • If you're unsure, don't worry! we can always adjust the dates for you at a later stage.

      3. Add your auditors from the dropdown or by inviting new ones

      📖 Learn more about audit periods here

       

      Provide Sensiba Auditor Access

      Once your audit is created, give our team access:

      1. Go to Audit HubOpen Audit

      2. Select the edit icon under Assigned auditors.

      3. Add our audit team address: grc@drata.sensiba.com

      • This ensures we can start supporting you right away
      4. Toggle on:
      • Read only access
      • Download for Controls, Tests and Requirements

      💡 Note: Your dedicated audit team member will be assigned after your Kick-Off call. They’ll let you know when to add their individual account.

      Complete your System Description

      This is a key step for your audit:

      • It forms the basis of your final SOC 2 report

      • It tells your auditor exactly which systems are in scope

      You can complete it by following the instructions linked here.

      💡 Tip: Do this early to give your auditor full context from the start.

      Need Help?

      We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.