sThis guide follows the Quick Start page, located at the top of the navigation menu when you first log in to the Drata platform. The purpose of this article is to help you achieve value quickly by providing context for the activities you’ll complete as you move through the Quick Start.

To open the Quick Start page, select Quick Start in the left navigation menu. This menu item remains at the top of the panel while you complete your Quick Start activities. Once all activities are complete, the menu item moves under Settings.

The Quick Start includes six sections with accordion-style expandable subsections that guide you through recommended best-practice activities to get started with Drata.

Some sections include locked activities, which appear with a lock icon. A locked activity means a prerequisite must be completed before you can begin that task.

Some sections include optional activities that can be skipped. Select Skip to move past one. For example, the “Assign roles to your team” activity is optional and can be completed later.

After you finish an activity, a Completed status appears. For example, once you complete the Enter your company info, it is marked as complete. Each section displays progress in the upper-right corner, showing how many activities have been completed out of the total for that section.

You completed the Welcome Questionnaire during the initial onboarding flow when you first signed in to Drata.

Select Enter details. You’ll be redirected to the Company Info page under Settings.

For future reference: Settings is located when you select your username at the bottom of the navigation panel.

The Company Info page lets you provide an overview of your company, helping auditors and customers understand what your company does and how it meets common compliance requirements.

Completing this page also satisfies certain Drata controls, as company information fields may be referenced by Monitoring Tests.

To learn more about the company info page, go to Company Information Fields FAQs in the Help Center.

This section includes four important activities. Completing them allows Drata to:

In each activity, you’ll be prompted to connect your systems.

Open the activity, then select Set up. You’ll be redirected to Connections → Identity → Available connections. Select and connect the identity provider (IdP) your company uses. Only one IdP connection is supported at a time. If your company does not use an IdP, select the Manual Import option.

It is important to complete this connection first. It enables Drata to monitor your personnel’s compliance posture and allows employees to authenticate into the platform through your IdP.

Here we’ve included links to the currently published help articles for the most commonly used IdPs.

After setting up your identity provider, this activity will be marked as complete.

Connecting your infrastructure provider enables Drata to continuously monitor and collect evidence for dozens of security controls across your compute resources, storage, and data environments.

Open the activity, select Set up, and you’ll be redirected to Connections → Infrastructure. Connect one or more infrastructure services to begin automated monitoring.

Help articles are available for supported infrastructure providers (list subject to change):

After setting up an infrastructure connection, the activity is marked as complete.

Open the activity, then select Set up. You’ll be redirected to Connections → Version Control → Available connections. Connect one or more version control systems to automate evidence collection and monitoring.

This list is frequently updated and may not reflect all of the latest connections.

After setting up a version control connection, this activity is marked as complete.

Open the activity, then select Set up. You’ll be redirected to Connections → Ticketing → Available connections. Connect one or more ticketing systems to create tickets and reference them as evidence.

This list is frequently updated and may not reflect all of the latest connections. Supported ticketing services include:

After setting up your ticketing connection, this activity is marked as complete.

Congratulations! You’ve completed the necessary connections to power automation with Drata. You’re well on your way to realizing the full value of the platform.

This section includes up to three key activities. You'll review framework requirements, assign roles, and plan remediation actions to help establish continuous compliance.

Open the activity, then select Assign roles. You’ll be redirected to Settings → Role Administration.

Note: You must connect your IdP before you can assign roles in Drata.

In this section, you can invite additional Admins and assign roles to the team members who will help manage Drata. You do not need to assign Drata roles to your entire company—only to those responsible for managing compliance in Drata. This does not apply to end users who only log in to complete onboarding tasks.

To learn more about roles in Drata, go to the Role Administration help article.

After assigning roles, this section will be marked as complete. You can also choose Skip for now if you'd like to return later.

Open the activity and select Open Frameworks. This takes you to the Frameworks page in the main navigation panel.

This page displays a card for each framework that has been enabled in your account. Frameworks not yet enabled appear below the active ones. Select Learn More on any unavailable framework to get additional details.

Each framework card includes:

Select a card to open that framework’s detail page. Each detail page includes:

Related resources:

You do not need to complete all frameworks to continue through Quick Start. Review your active frameworks and mark requirements in or out of scope based on your organization's needs. You can return to this page at any time.

After reviewing your requirements, select Mark complete to finish the section. The Frameworks page will remain available in the navigation menu.

The Control page allows you to review the scope of your controls to understand where you have gaps, assign control owners, see evidence, assign approvers mark controls in and out of scope, filter on monitoring, and create new controls if desired.

Open the activity then select View Controls. You are directed to the Controls page on the main navigation panel.

On this page you can review your controls, see monitored status, see readiness status, see evidence links and more. You can open a control detail drawer by selecting the Control Code (ex: DCF-37 for Acceptable Use Policy). You can manage controls in a more granular way in the detail drawer.

Some helpful documentation for completing this section:

After you’ve reviewed your control requirements, select Mark complete to complete this section. You will be able to return to the Controls page from the navigation panel at any time.

This section includes five important activities to help you prepare personnel-related procedures and establish compliance in Drata. The first activity is optional, but strongly recommended if you use a Human Resources Information System (HRIS).

Connecting your HRIS to Drata enables read-only access, allowing Drata to identify which personnel are in scope for your audit period and whose access must be tracked. This connection provides additional context beyond what is available from your IdP.

Open the activity titled Set Up Your HRIS Connection (Optional).

Note: You must connect your IdP or upload a CSV using the Manual Import option on the Identity page before setting up HRIS.

Select Set up, and you’ll be redirected to Connections → HRIS. To learn more, go to Connect your HRIS to Drata.

You can select Skip for now and return later through Connections → HRIS. After completing this step, the activity will be marked as complete.

The Personnel page provides a centralized view of compliance status for all personnel and includes tools to manage actions such as resetting security training, sending reminders, and applying exclusions. In this activity, you’ll review the page and have the opportunity to perform some of these tasks.

Drata syncs with your Identity Provider daily to keep personnel information up to date. If you’ve connected an HRIS, Drata also syncs additional details from that system.

Open the activity titled Verify Employment Status of Personnel.

Note: If you haven’t connected an IdP or HRIS, you can manually add personnel using the Manual Import option in Connections → Identity.

Select Review Personnel to go to the Personnel page. From there, you can:

To learn more about this page and its available actions, refer to the Personnel Overview.

After you’ve reviewed and/or verified the employment status of some or all

After reviewing the personnel list, select Mark complete. You can return to the Personnel page anytime from the navigation panel.

Select Set up to open the Internal Security page. This page allows you to define how Drata collects workstation configuration evidence, manage security training, and attach visitor logs.

To schedule and reset your Security training, learn more about each type of training by following these help articles:

To learn more about the Internal Security page, go to the Internal Security help article.

After configuring your internal security settings, this activity will be marked as complete. You can return to this page at any time via Settings → Internal Security.

Select Quick Start in the navigation panel to continue. Up next: Set Up Background Checks.

Select Set up to go to the Human Resources page, where you can configure background checks, automate offboarding evidence collection, and manage other HR-related tasks.

Drata can automatically collect background check evidence when you connect a supported background check vendor. To do this, go to Connections → Background Checks. To learn more about the Human Resource page, go to the Human Resources help article.

After selecting a background check option, this activity is marked as complete. You can return to the Background Checks page at any time from Connections → Background Checks or to the Human Resources page from Settings → Human Resources.

Select Quick Start in the navigation panel to continue. Next: Onboard Your Personnel to Drata.

When you configured your internal security settings, you decided how to monitor personnel workstations and deliver security awareness training. Inviting your in-scope users to log in to Drata is a key step toward collecting the evidence needed for personnel-related compliance.

End users must log in to the Drata platform to:

To assist with this step, Drata provides a customizable onboarding email template. Select Customize the provided template in the Prep Work area. Follow the instructions, make a copy of the template, and replace the yellow highlighted text with content tailored to your selected framework.

To preview the onboarding experience from an end user’s perspective, select My Drata from the menu under your name in the navigation panel. To learn more about employee onboarding, go to Employee onboarding.

Some customers prefer to configure key policies before inviting their in-scope users. This allows employees to acknowledge policies during their first login rather than returning later. Drata also prompts personnel to review and acknowledge assigned policies when they first log in, so it’s helpful to complete policy setup in advance. If you choose this approach, continue to the next section: Set Up Your Policies.

After onboarding your personnel, select Mark complete. Continue to the next Quick Start activity: Set Up Your Policies.

In this section of Quick Start, you’ll use the Policy Center to begin managing your policies. From here, you can:

The Policy Center helps you create, manage, version, and streamline your policy approval and acknowledgement workflows. You can start working on your policies now while navigating the Quick Start page and return to the Policy Center at any time from the main navigation panel.

Best practice: Have your policies approved and ready for employee acknowledgement before they first log in to Drata.

Completing your policies:

In the Quick Start section, you’ll find a status indicator showing how many policies have been approved versus those still pending. This number updates dynamically based on your enabled frameworks and approved policies.

Select Open Policy Center to get started. These templates were developed by Drata’s GRC team with input from auditors and compliance experts. To begin:

When using a Drata template, you may notice yellow highlights with related comments in the right margin. You can preview and edit each template as needed. In the Details section, be sure to:

When finished, select Save, then submit the policy for approval.

If a policy does not apply to your organization, archive it using the box icon next to its name. Archiving removes its controls from the readiness score. You can restore an archived policy at any time from the Archived or Replaced tab.

You can also create custom policies. If a custom policy replaces one or more Drata templates, be sure to select the Drata template under Policies replaced.

Helpful resources:

The time needed to complete the policy section depends on:

It may take a few days to a few weeks depending on your organization’s needs. Drata’s flexibility allows you to tailor the Policy Center to fit your requirements.

Once all activities are complete, the Quick Start will display 100% completion. The Quick Start link will move from the main navigation panel to your user submenu at the bottom of the panel, under Connections. To reopen it, select your name in the left navigation panel and choose Quick Start.

The What’s Next section introduces additional Drata features you can explore after completing Quick Start, including: