Fast-track your compliance with 6 easy steps with Sensiba
1. Connecting your Key Systems
Start with the Quick Start button in the top left corner of Drata — this walks you through your first connections.
Systems to connect:
- Cloud Providers
- Identity Providers (IDP)
- Version Control (GitHub, GitLab, Bitbucket, etc.)
- HRIS (Human Resource Information Systems)
- Datastores
- Mobile Device Management (MDM)
👉 In-scope = production systems, sensitive information, or user data
👉 Out-of-scope = test, sandbox, or non-production systems
Connections use the principle of least privilege — Drata only pulls configuration data needed for evidence.
💡 Tip: You’ll need admin credentials for each system. Loop in IT, app owners, or stakeholders as needed.
📖 For step-by-step instructions, view more about the Quick Start in Drata here.
2. Get Your Drata Instance Audit-Ready
Beyond your initial connections and system description, there are a few key areas in Drata that help ensure you’re truly audit ready. Taking the time to configure these properly now will save time later.
Focus areas to review in Drata:
- Personnel in scope: Confirm all employees who should be part of the audit are added — and that only relevant people are included. (For example, contractors are generally excluded unless they have access to critical systems.)
- Policy management: Upload your required policies, assign them to the right staff, and track acknowledgements.
- Leverage our free Policy Generator (PolicyTree) that creates robust, tailor-fit policies aligned with your controls. This is optional — you can use Drata’s policies instead — but if you choose PolicyTree, you’ll need to upload those policies into Drata. You can create them here.
📖 For a detailed step-by-step walkthrough, check out Drata’s SOC 2 Checklist.
💡 Tip: Think of these areas as the “readiness foundation” — the stronger they are, the smoother your audit will go.
3. Scoping your Controls
Drata comes with a broad set of default controls, but you don’t need all of them for your audit.
- Your audit with us only requires a subset of controls.
- The Drata Starter Framework includes 63 controls, each with guidance, tips, and examples.
- You can safely descope/exclude any controls that aren’t relevant to your audit, as per our control listing provided below.
📖 Download and View the full list here
💡 Tip: Focus on quality over quantity — only keep controls that truly apply to your environment.
4. Create Audit Package
Set up your audit so we can join you in Drata. We will need access to be able to perform the AI review.
- Go to the Audit Hub tab → select Create Audit
- Enter your audit details:
  - Audit type (e.g. SOC 2)
  - Audit period → use past dates up to the current date.
    - If you're unsure, don't worry! We can always adjust the dates for you at a later stage.
- Add your auditors from the dropdown or by inviting new ones.
📖 Learn more about audit periods here
5. Provide Sensiba Auditor Access
Once your audit is created, give our team access:
- Go to Audit Hub → Open Audit
- Select the edit icon under Assigned auditors.
- Add our audit team address: drata@drata.assurancelab.cpa
  - This ensures we can start supporting you right away
  - Read-only access
  - Download for Controls, Tests and Requirements
💡 Note: Your dedicated audit team member will be assigned to complete the remainder of your audit, once you have signed up to complete your audit with us. They’ll let you know when to add their individual account.
6. Complete your System Description
This is a key step for your audit:
- It forms the basis of your final SOC 2 report.
- It avoids delays in the process when it comes time to prepare your report.
- It tells your auditor exactly which systems are in scope.
You can complete it by following the instructions linked here.
💡 Tip: Do this early to give your auditor full context from the start.
What Next?
Once you've completed the above steps, please reach out and book a meeting with our Customer Success team to get your AI review underway!
You can book here.
Need Help?
We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.