Internal Security overview manages how security evidence is collected and tracked for personnel requirements like workstation compliance and training. These settings automate audit preparation by defining how employee data is sourced across your organization.
⚠️ Select your experience
The steps to manage Internal Security depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
Configure how Drata collects evidence for employee security requirements, including workstation compliance, security awareness training, and physical access records.
The Internal Security settings define how employee-related security evidence is sourced and tracked across your organization. These settings directly support multiple compliance controls and affect onboarding, recurring tasks, and audit evidence.
Prerequisites
Required Drata roles: Administrators
Find Internal Security settings
Go to Settings. Under Organization, select Personnel compliance, then select Internal Security.
The Internal Security page is divided into the following sections:
Workstation configuration monitoring
Office visitor logs
Each section determines how evidence is collected, not whether the requirement exists.
Workstation configuration monitoring
Define how Drata collects evidence for employee workstation security controls. You can choose one or more of the following methods:
Drata Agent: Automatically collects workstation configuration evidence from employee devices.
MDM integration: Uses a supported mobile device management (MDM) provider to collect device compliance data.
Manual uploads (My Drata): Allows employees to upload evidence manually through their My Drata tasks.
Important behavior notes:
Using automated methods does not prevent manual uploads.
The manual option only affects the employee My Drata experience.
Administrators can always upload evidence directly to personnel records if needed.
Office visitor logs
If your organization has a physical office, upload visitor sign-in records to support physical access controls.
Accepted formats include:
Exported visitor logs
Images or scans of physical sign-in books
If your organization does not maintain a physical office, this section may be left blank.
Common misconfigurations to avoid
Enabling manual-only workstation evidence without clear employee guidance
Assuming MDM or agent connections retroactively populate past evidence
Instructions for the Classic Experience ⬇️
Follow these steps if you are using the Classic Experience UI.
Open settings: Go to User Account > Settings > Internal Security.
Prerequisites
Required Drata roles: Administrators
Configuring your Drata 'Internal Security' page is key to fulfill several of the controls within your compliance framework.
Configure Security Requirements
Ensure your compliance framework is supported by configuring the following three areas:
1. Workstation configuration monitoring Choose how personnel device compliance is verified:
Enable the Drata Agent, connect an MDM, or toggle Manual uploads to allow employees to submit their own evidence.
2. Security awareness training Select the source for your annual employee training:
Drata Training: The default embedded training module.
Integrations: Connect KnowBe4 or Huntress to sync completion status.
External/Manual: Provide a link to an external LMS or require employees to upload completion certificates during onboarding.
Hidden: Opt to hide training from onboarding and manage evidence directly on personnel pages.
3. Office Visitor Logs If your organization maintains a physical office, use the Browse option to upload visitor sign-in books or digital logs.