ASSOCIATED DRATA CONTROL
This test is part of the Security Policies control that ensures your company has approved security policies, and that all employees accept these procedures when hired. This control also checks to make sure that Management has reviewed and approved these policies and that they are made accessible to all employees and contractors.
WHAT TO DO IF A TEST FAILS
If Drata is unable to find all necessary security policies the test will fail. With a failed test you will receive a list of policies that have not been created/uploaded to Drata. To remediate a failed test, you will need to either upload or build the missing security policies.
STEPS TO REMEDIATE
Navigate to the Policy Center page
Ensure that the following policies have been uploaded:
Acceptable Use Policy
Acceptable Use Policy
Asset Management Policy
Backup Policy
Business Continuity Plan
Code of Conduct
Data Classification Policy
Data Deletion Policy
Data Protection Policy
Disaster Recovery Plan
Encryption Policy
Incident Response Plan
Information Security Policy
Password Policy
Physical Security Policy
Responsible Disclosure Policy
Risk Assessment Policy
Software Development Lifecycle Policy
System Access Control Policy
Vendor Management Policy
Vulnerability Management Policy
HELPFUL RESOURCES