Skip to main content
Internal Security

Providing details on security training and tracking for your company

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

HERE'S WHY

Configuring your Drata 'Internal Security' page is key to fulfill several of the controls within your compliance framework.

BEFORE DIVING IN

Only account administrators have access to this section within Drata.

Workstation configuration monitoring

The Drata Agent provides a secure and easy way to collect evidence from computers within your organization. Learn more about Drata Agent.

On this page, you can select how evidence for workstation configuration will be pulled into Drata for your personnel’s device compliance checks. This can be done by utilizing the Drata Agent, or an MDM connection, or by giving personnel the ability to upload evidence manually themselves through My Drata.

  • Using the automated option(s) does not take away your ability to upload evidence manually at any time.

  • The manual option only affects the My Drata page for employees.

Security awareness training

Annually, all employees should participate in cybersecurity training.

Drata has developed our own, embedded Security Awareness Training. This enables employees to complete the training directly in Drata and easily fulfill their annual requirement. This is the default training option in Drata.

Drata also integrates with KnowBe4 and Curricula. If you have connected either systems, you will see the option on this page to select it as your security training provider.

If you already conduct internal trainings or use another software select the third radio button. Employees will then be prompted to upload their open completion certificates during employee onboarding.

You can also add a link to the external training to prompt your employees to complete it.

Finally, you can opt to hide security training completely from employee onboarding and instead load evidence into the personnel page directly.

Office Visitor Logs

If you have a physical office, you will upload a log of visitors via sign in records. This can be an export of the logs or an image of the physical sign-in book. Use the 'browse' option to access a file from your computer. If you do not have an office, you can leave this section blank.

Did this answer your question?