⚠️ Select your experience

The steps depend on your interface version. Select a link to skip to the instructions for your version.

Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.

Instructions for the New Experience ⬇️

The Organization details page allows you to manage your company’s core information in Drata, including audit-facing details, compliance URLs, and your Account ID.

This information is used across Drata to represent your organization in policies, compliance documentation, and automated evidence collection.

Several fields on this page are tied directly to automated tests and audit evidence, so updates should be made carefully and only by authorized users.

Prerequisites

To edit Organization details, you must have the Admin role.

Admins can view and update all organization settings
Other users may be able to view limited organization information but cannot make changes

Access Organization details

To open the Organization details page:

Select Settings
Under Organization, select Organization details
Confirm you are on the Org info tab

Organization information

These fields describe your organization’s identity and legal context.

Field	Description	Relevance/Impact
Company logo (optional)	Upload your company logo.	File must be under 1 MB and in JPG or PNG format. Recommended pixel size is 62x62.
Email domain	Primary domain used for company email and website.	Impacts the following test and control: Related test: Test 70: SSL/TLS Enforced on Company Website Related control: DCF-55: SSL/TLS Enforced
Full legal name (optional)	Official legal entity name of your organization.	Referenced in contracts, policies, and audit documentation.
Common name	Public-facing or “doing business as” (DBA) name.	Used to pre-populate the company name in Drata policy templates. Changing this later does not automatically update existing policies.
Incorporation / founding year (optional)	Year the organization was established.	Provides organizational context in audit packages and reviews.
Phone number (optional)	Primary business contact number.	Used for customer and auditor contact where a phone number is required.
Company description (optional)	High-level summary of what your organization does.	Helps auditors and customers understand your business; can be used in audit package contexts.
Company address (optional)	Mailing or operating address.	Used in legal and audit documentation where a physical address is required.
Account ID	Unique identifier for your Drata account.	Read-only; used by Drata Support and internal tooling to identify your tenant.
SafeBase Organization ID	Identifier used for SafeBase / Trust Center integration.	Read-only; links your Drata tenant to your Trust Center instance.
Data residency location	Region where your Drata data is hosted.	Read-only; used to demonstrate where customer data is stored for compliance and contractual needs.

Important:
If you update your Common name, Drata does not automatically update existing policies. To reflect the new name in policies, you must:

Manually update each policy, or
Contact Drata Support for assistance applying the change across templates.

Compliance and public URLs

These fields support customer transparency and automated compliance tests.

Field	Purpose	Related test / control behavior
Privacy policy URL (optional)	Link to your public privacy policy describing confidentiality and privacy commitments.	Impacts the following test and control: Related test: Test 84: Privacy Policy Publicly Available Related control: DCF-65: Maintains a Privacy Policy
Terms of use URL (optional)	Link to your public terms of service/terms of use.	Impacts the following test and control: Related test: Test 85: Terms of Service Publicly Available Related control: DCF-66: Maintains a Terms of Service
Support / Help URL	Link to a support, help, or contact page for customers.	Impacts the following test and control: Related test: Test 11: Contact Information Available to Customers Related control: DCF-8: Disclosure Process for Customers
Security / Compliance email	Dedicated inbox for security or compliance inquiries	Recommended to keep separate from a general support email.

Note:
If your Terms of Use/Terms of Service are not publicly available (for example, contract-only), you can:

Disable the related monitoring test, and
Upload your standard contract or MSA directly to the mapped control instead.

Product information

Sample MSA (Master Service Agreement)

Upload a sample Master Service Agreement (MSA) to demonstrate that your organization has formal agreements with customers outlining:

Your commitments and responsibilities
Customer responsibilities and expectations

If you do not use an MSA, you can upload another form of customer agreement, such as: Terms of Service, Service Agreement, or Statement of Work (SOW).

Related test: Test 83: MSAs Offered to Customers

Related control: DCF-64: Commitments Explained to Customers

Note: If your organization offers multiple products, you can:

Upload one representative agreement here, and
Upload additional agreements directly to DCF-64: Commitments Explained to Customers using Map External Evidence.

Instructions for the Classic Experience ⬇️

The Company Info page contains key fields that provide essential information about your organization. Each field serves a specific purpose, including:

Provides Context for Auditors and Customers: Information entered in these fields helps stakeholders understand your organization’s identity, commitments, and operations.
Satisfies Drata controls: Specific fields are tied to Drata’s Monitoring Tests, helping you satisfy compliance controls.

To update your company information, navigate to: User Account > Settings > Company Info.

Understand the Company Info Fields

This section explains each of the field, its purpose, and how it relates to Drata controls.

Email Domain: The primary domain used by your company for your website and employee email addresses.
- Related test: Test 70: SSL/TLS Enforced on Company Website
- Related control: DCF-55: SSL/TLS Enforced
Common Name: The name your company operates under, such as a DBA ("Doing Business As").
- Important Note: When Drata initially creates your account (tenant), the Common Name field is used to pre-populate the Company Name that appears in policies. If you update this field, the previous policies will not be automatically updated. You can either manually update the policies to reflect what you entered or open a support ticket to update the change for you.
Full Legal Name: The official name of your company as recognized in legal documents and authorities.
Incorporation / Founding Year: The year your company was legally established.
Phone Number: The primary phone number that your company uses to directly receive calls from stakeholders, clients, and partners.
Company Description: A high-level summary of your organization, including what you do and the value you provide.
Mailing Address: The physical location where your company operates or receives correspondence, packages, and mail.
- We recommend filling this field out with specific information such as:
  - PO Box (if applicable)
  - Street Name
  - Suite or Apt Number
  - City, State, Postal Code, Country

Privacy Policy URL: A public link to your company’s Privacy Policy, which details your company’s confidentiality and privacy commitments to your customers.
- Related test: Test 84: Privacy Policy Publicly Available
- Related control: DCF-65: Maintains a Privacy Policy
Terms of Use URL: A public link to your company’s publicly available terms of service where you outline your security and availability commitments to your customers.
- Related test: Test 85: Terms of Service Publicly Available
- Related control: DCF-66: Maintains a Terms of Service
- Note: In cases where a Terms of Service is not applicable or not publicly available, you can disable the test and upload a copy of your contract template directly to the control. For more information, please see Terms of Service Guidance: DCF-63 and DCF-66
Support/Help URL: A public link where customers can submit questions, report complaints, or disclose security concerns.
- Related test: Test 11: Contact Information Available to Customers
- Related control: DCF-8: Disclosure Process for Customers
Security/Compliance Email: An email address for customers to report security issues or contact your security/compliance team. This is best positioned at your website, but this can also be indicated in your contracts with your customers. This email may be [email protected] or [email protected].
- Important note: This email receives notifications from your Trust Center such as requests to access Trust Center documents and reports. We recommend separating this from your generic support email.
Sample MSA (Master Service Agreement): This is to show that you have formal agreements in place with customers explaining your commitments to them and what they are responsible for. In lieu of a Master Service Agreement, you can use other contracts such as Terms of Service, Service Agreement, Statement of Work, etc.
- Related test: Test 83: MSAs Offered to Customers
- Related control: DCF-64: Commitments Explained to Customers
- Note: If you have multiple products, you can upload one here and upload the rest directly to DCF-64: Commitments Explained to Customers, under Map External Evidence.

Update Product or Company URLs for a Workspace

Scroll down to the Workspaces section.
Locate the workspace you want to update.
On the workspace card, select Edit (located directly beneath the workspace name).
From here, you can update the URL for that workspace along with other workspace-specific information, including:
- Frameworks
- Workspace managers
- Additional workspace settings