Drata Starter

AssuranceLab's Drata-exclusive audit program to be SOC 2 Type 1 ready in as little as 20 hours

There are 9 steps to complete your SOC 2 audit in Drata with AssuranceLab:

  1. QuickStart Set-up (~15 mins): Log in, connect your infrastructure, import your custom framework and give us auditor access.
  2. System Description Automation (~15 mins): Input the important details to confirm your SOC 2 reporting scope and generate the description that forms the final report.
  3. Policy Automation (~2 hours): Generate your information security policies, upload and configure the sign-off workflows in the Drata Policy Centre.
  4. Vendor management (~4 hours): Add your material vendors, complete the vendor risk assessments, and review the attestation reports for high-risk vendors.
  5. Risk assessment and tracking (~4 hours): Complete and upload your information security risk assessment and risk mitigation plans.
  6. Add control populations (~1 hour): Add populations for incidents and vulnerabilities that aren't tracked directly in Drata. (Type 2 only)
  7. Remaining evidence uploads (~10 hours): Upload the remaining evidence requirements outlined in the table enclosed, to complete your audit.
  8. AI Review and Audit (~1-2 weeks): Opt in to our AI review program for faster feedback and a streamlined audit process (removes step 9 below). We share feedback in a dynamic Google Sheet for easy collaboration to complete the audit.
  9. Traditional Audit (~2-3 weeks): We review your full evidence package and complete the audit. We'll raise any queries in Audit Hub, Slack or another preferred channel.
  10. Continuous Audit: Roll straight into our continuous audit program to maintain your compliance with confidence.


Additional Guidance:

  • Frequently Asked Questions (FAQ): These are the questions we're often asked by clients working through the Drata Starter program.
  • Sample tests: The samples we select and the controls we test for Type II audits following the Drata Playbook.
  • Drata Starter Plus: Have you added more criteria to your scope, like Processing Integrity or Privacy? Here's how to understand what is required.