Staying ahead of tasks is critical to maintaining your compliance posture. Use Drata’s Tasks page to track, create, and manage upcoming or recurring tasks based on renewal dates, reminders, or events such as evidence reviews, policy updates, vendor management, or risk-related activities.
Prerequisite
To verify who has access to this page, refer to Role Administration & RBAC.
Task Overview
Tasks help you manage upcoming items to proactively stay on top of your compliance posture. You can also create custom tasks to suit your specific needs.
How Tasks Are Organized
Tasks appear in a monthly timeline, grouped by both month and task type. This timeline gives you a high-level view of upcoming and overdue items.
When a month includes overdue tasks, the task count for that month is highlighted in red.
You can select any month to view detailed tasks categorized by type.
Task Types
Drata supports both automated and custom tasks:
Policy Renewals (automated)
Control Approvals (automated)
Evidence Renewals (automated)
Vendors Reminders (automated)
General
Controls
Risk Management
Manage tasks
Use filters to organize your tasks by type, owner, or timeframe (month and year). This helps you quickly find the tasks you need to manage.
View and Take Action on Tasks
Once you've located the task:
Expand the task to view further details.
Select Review to go to the related section in Drata where you can complete the task.
For example, selecting a task for the Vulnerability Mismanagement Policy takes you directly to the Policy Center page.
Task and Timeline Updates
When you update a task’s renewal or reminder date, the task is automatically moved to the corresponding month on the timeline.
For automated tasks, you can select Review to update the date (such as a policy's renewal date). The tasks are complete and no further action is required.
For custom tasks, you can manually:
Mark the task as complete or incomplete
Edit the task to:
Update its details, owner, or due date
Set the task to be recurring
Map the task to different controls or risks
Delete the task
Risk and Control tasks
You can map a task to a risk or a control in two ways:
From the Tasks page: During task creation, choose to map the task to a risk or a control.
From the Risk Management or Controls page: While viewing a specific item, go to the Tasks section and create a task. The task will automatically be mapped to the selected risk or control.
When creating a task, you can:
Add a title and description
Assign a task owner
Set a due date
Make the task recurring (optional).
Control Tasks
Control tasks are created when you map a task to a control. When you select Review, you're redirected to the Controls page to complete the task.
Risk Tasks
Risk tasks are created when you map a task to a risk. Selecting Review takes you to the Risk Management page, where you can complete the task.
Note: The Risk Management feature includes the role: Risk Manager.
Risk Managers can view a filtered timeline on the Tasks page showing only risk-related tasks.
Information Security Leads do not see risk tasks, as they do not have access to the Risk Management tool.
Task email notifications
Drata sends task-related email notifications to help you stay informed and take timely action.
Monthly Task Reminder
If you have tasks assigned for the upcoming month, you’ll receive a reminder email on the 15th of the current month. You won’t receive this email if:
You have no tasks assigned for the upcoming month.
All tasks assigned for the upcoming month are already complete.
Only recurring tasks are due next month.
You can manage this notification in your notification settings. Depending on your role, you may not have access to the Notifications settings page.
To manage monthly reminders:
Select your user account to go to the Settings page.
Under My Settings, select Notifications.
Enable Monthly reminder for upcoming tasks.
Required Task Email Notifications
Note: These notifications can’t be turned off.
You’ll automatically receive an email when:
A task is created and assigned to you
A task assigned to you is edited
A task assigned to you is deleted
Tasks and Workspaces
If the Workspaces feature is enabled in your account, there are a few important things to know about how tasks function across environments.
Workspace-Specific Tasks
Tasks are workspace-specific. This applies to both automated and custom tasks.
Manually uploaded evidence or reports are tied to the workspace in which they were added.
Tasks created within a workspace will only appear in that workspace’s task timeline.
However, policies and vendors are company-wide objects, so related tasks will appear across all workspaces.
Role-Based Visibility
Only users with the Workspace Manager role can view, create, and filter tasks within their assigned workspace.
Risk Management Tasks
The Risk Management tool is limited to the primary workspace. As a result, risk tasks can only be created and managed within the primary workspace.
Feedback about task management
We are always looking for feedback on how we can improve! If you have feedback on how tasks can better serve your workflow, please let us know. Select on the question mark icon in the upper right corner of Drata and select Roadmap, ideas, and releases to give us feedback directly.