Skip to main content
All CollectionsControl Tests
Test: IRP Includes Lessons Learned
Test: IRP Includes Lessons Learned

Drata inspects your company Incident Response Plan to ensure it includes a section about documenting “Lessons Learned” after incidents.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Lessons Learned control that ensures your Incident Response Plan includes a process for documenting "Lessons Learned" after an incident as well as for sharing them out with the broader engineering team.

WHAT TO DO IF A TEST FAILS

If Drata finds that an Incident Response plan either does not exist or has not been approved within the last 12 months the test will fail.

To remediate a failed test, you will need to either upload or build the Incident Response plan within Drata or notify the owner to click 'Approve Policy' as soon as possible.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center page

  2. Add an 'Incident Response Plan' and ensure that the newly added plan is approved

HELPFUL RESOURCES

Did this answer your question?