Drata Starter: Compliance Accelerator

Fast-track your compliance with tools, guides and expert support from AssuranceLab

There are 8 steps to achieve compliance readiness and a clear path through your compliance audit process. Please read our FAQ below prior to starting to understand key topics like "Do I need to implement all of the 200+ controls in Drata?" (TL;DR - no), and "Does this program still work if I chose to work with another audit firm?" (TL;DR - yes). 

View our overall guide for a visual flow of the tools and steps involved: Compliance Accelerator guide

Steps to complete

  1. QuickStart Set-up (~1 hour): Connect your infrastructure and tools, provide us access, and complete your scoping to narrow your focus to what matters.
  2. System Description Automation (~15 mins): Generate the description that populates your final report and key scoping information.
  3. Policy Automation (~2 hours): Generate your comprehensive and customised information security policies, upload to Drata and configure the sign-off workflows.
  4. Vendor management (~4 hours): Add your material vendors and complete the vendor risk assessments and security reviews.
  5. Risk assessment and tracking (~4 hours): Complete your information security risk assessment and risk mitigation plans.
  6. Add control populations (~1 hour): Add populations for incidents and vulnerabilities that aren't tracked directly in Drata, so they are ready for your audit. (Type II only)
  7. Document uploads (~10 hours): Upload the remaining evidence listed in the enclosed table, which includes tips and guidance, to complete your audit readiness.
  8. AI Review: Tell us when you're ready - we'll run your AI-powered review and share your results.

Additional Guidance:

  • Frequently Asked Questions (FAQ): These are the questions we're often asked by clients working through the Drata Starter: Compliance Accelerator program.
  • Sample tests: The samples we select and the controls we test for Type II audits following the Drata Starter methodology.
  • Drata Starter Plus: Have you added more criteria to your scope, such as SOC 2 Processing Integrity, Privacy, HIPAA, GDPR or others? Here's how to understand what is required.