Skip to main content
All CollectionsMonitoringTests
Test: Risk Assessment Policy
Test: Risk Assessment Policy

Drata inspects your company records to determine if a Risk Assessment Policy is in place and is currently valid.

Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Risk Assessment Policy control that ensures your company has a defined formal risk management process that specifies risk tolerances and the process for evaluating risks based on identified threats and the specified tolerances.


WHAT TO DO IF A TEST FAILS

If Drata finds that your Risk Assessment Policy is either not in Drata or has not been approved by the owner within the last 12 months the test will fail.

To remediate a failed test, you will need to ensure that your Information Security Policy has been uploaded to Drata. If the policy has been uploaded you will be able to send an email reminder to the owner of the policy, requesting an approval.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center.

  2. Add a 'Risk Assessment Policy' and ensure that the newly added policy is approved.

HELPFUL RESOURCES

Did this answer your question?