Skip to main content
All CollectionsControl Tests
Test: Data Protection Policy
Test: Data Protection Policy

Drata inspects your company records to determine if a Data Protection Policy is in place and is before the policy renewal date.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Data Protection Policy control that ensures your company has established a Data Protection Policy and requires all employees to accept it upon hire. This control also verifies that Management monitors employees' acceptance of this policy.

WHAT TO DO IF A TEST FAILS

If Drata finds that a Data Protection policy either does not exist or if the renewal date on the policy has passed, the test will fail.

To remediate a failed test, you will need to either upload or build a Data Protection policy within Drata, set a renewal date that aligns with your compliance program goals, and notify the owner to click 'Approve Policy' as soon as possible.

STEPS TO REMEDIATE

  1. Navigate to the Policy Center page

  2. Add a 'Data Protection Policy' and ensure that the newly added policy has been approved

  3. Set a policy renewal date that aligns with your compliance program goals. Many frameworks require that policies are reviewed/approved annually

HELPFUL RESOURCES

Did this answer your question?