All Collections
Control Tests
Test: Has Security Policies
Test: Has Security Policies

Drata inspects your company security policies to determine if they account for securing the company's operations, services, and systems.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Security Policies control that ensures your company has approved security policies, and that all employees accept these procedures when hired. This control also checks to make sure that Management has reviewed and approved these policies and that they are made accessible to all employees and contractors.

WHAT TO DO IF A TEST FAILS

If Drata is unable to find all necessary security policies the test will fail. With a failed test you will receive a list of policies that have not been created/uploaded to Drata. To remediate a failed test, you will need to either upload or build the missing security policies.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center page

  2. Ensure that the following policies have been uploaded:

    1. Acceptable Use Policy

    2. Acceptable Use Policy

    3. Asset Management Policy

    4. Backup Policy

    5. Business Continuity Plan

    6. Code of Conduct

    7. Data Classification Policy

    8. Data Deletion Policy

    9. Data Protection Policy

    10. Disaster Recovery Plan

    11. Encryption Policy

    12. Incident Response Plan

    13. Information Security Policy

    14. Password Policy

    15. Physical Security Policy

    16. Responsible Disclosure Policy

    17. Risk Assessment Policy

    18. Software Development Lifecycle Policy

    19. System Access Control Policy

    20. Vendor Management Policy

    21. Vulnerability Management Policy

HELPFUL RESOURCES

Did this answer your question?