Test: Has Security Policies

Drata inspects your company's security policies to determine if they account for securing the company's operations, services, and systems.

Updated over 2 weeks ago

ASSOCIATED DRATA CONTROL

This test is part of the Security Policies control that ensures your company has approved security policies, and that all employees accept these procedures when hired. This control also ensures that management has reviewed and approved these policies, and that they are accessible to all employees and contractors.

WHAT TO DO IF A TEST FAILS

If Drata cannot find all the required security policies, the test will fail. When the test fails, Drata will provide a list of policies that have not been created or uploaded. To resolve a failed test, upload or create the missing security policies in Drata.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center page

  2. Ensure that the following policies have been uploaded:

    1. Acceptable Use Policy

    2. Asset Management Policy

    3. Backup Policy

    4. Business Continuity Plan

    5. Code of Conduct

    6. Data Classification Policy

    7. Data Deletion Policy

    8. Data Protection Policy

    9. Disaster Recovery Plan

    10. Encryption Policy

    11. Incident Response Plan

    12. Information Security Policy

    13. Password Policy

    14. Physical Security Policy

    15. Responsible Disclosure Policy

    16. Risk Assessment Policy

    17. Software Development Lifecycle Policy

    18. System Access Control Policy

    19. Vendor Management Policy

    20. Vulnerability Management Policy
