Skip to main content
All CollectionsControl Tests
Test: Information Security Policy
Test: Information Security Policy

Drata inspects your company records to determine if an Information Security Policy is in place and is currently valid.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Information Security Policy control that ensures your company has a defined Information Security Policy that covers policies and procedures to support the functioning of internal control.


โ€‹

WHAT TO DO IF A TEST FAILS

If Drata finds that your Information Security Policy is either not in Drata or has not been approved by the owner within the last 12 months the test will fail.

To remediate a failed test, you will need to ensure that your Information Security Policy has been uploaded to Drata. If the policy has been uploaded you will be able to send an email reminder to the owner of the policy, requesting an approval.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center.

  2. Add an 'Information Security Policy' and ensure that the newly added policy is approved.

HELPFUL RESOURCES

Did this answer your question?