Drata
      Back to home
      1. AssuranceLab - Knowledgebase
      2. Drata

      System Description

      Our automation will prepare your System Description for the final report with all the required details

      Steps to generate your System Description

      Please note: In order to save your progress and continue later, you must use the 'Access Later' option in the tool.

      Step 1: Completing it is a prerequisite to testing. It takes about 5-10 minutes to complete. After completing your System Description, you will be lead to PolicyTree. Policy Tree is an optional exercise which generates tailored policies for your business. If you already have policies, you do not need to complete Policy Tree.

      Please click the appropriate link below to get started:

      • "SOC 2 Only" - For those completing any of the 5 TSC's including Security, Confidentiality, Availability, Processing Integrity and/or Privacy.
         - Click here and use the access code "MzXERyDF28"
      • "SOC 2+" -  For if you are completing additional frameworks in addition to the SOC framework. For example SOC 2 Security, Availability, Confidentiality + HIPAA.
        - Click here and use the access code "t8gKSNVxjD"


      Step 2: Populate your company details and select the standards we are reporting on.

      Note: Select SOC 2 Trust Services Criteria + Security, Availability and Confidentiality. Do not select any others unless they are to be included in the same report. 

      Step 3: Select the processes and systems in scope and add the details accurately. These will influence the design of the description as well as the details populated.

      Note: Ensure Security and Compliance Monitoring Software is selected. This will scope the right controls for the report.

      Step 4: Complete the remaining details about your company, systems and processes. These details can all be adjusted in the output report.

      Step 5: Your report is generated and you can download it. We recommend you review and update it before confirming to us it's ready to form part of the final report.

      Our tool will then continue to the optional PolicyTree section for automated generation of a complete set of up to 23 security, privacy, ESG and AI policies to fit your compliance goals and ways of working.