ASSOCIATED DRATA CONTROL
This test is part of the Defined Management Roles & Responsibilities control that ensures your company has established defined roles and responsibilities to oversee implementation of the information security policy across the organization.
WHAT TO DO IF A TEST FAILS
If Drata finds that an Information Security policy either does not exist or has not been approved within the last 12 months the test will fail.
To remediate a failed test, you will need to either upload or build the Information Security policy within Drata or notify the owner to click 'Approve Policy' as soon as possible.
HELPFUL RESOURCES