Being able to stay ahead of upcoming tasks is essential to maintaining your compliance posture. While we can't plan for everything, we can plan for things that we know are coming up, based on dates or other triggers—such as evidence, policies, vendors, and other tasks that may be unique to your specific compliance program.

Account administrators, information security leads, and workspace managers can access, create, and manage tasks.

Tasks help you manage upcoming items so you can proactively plan to stay on top of your compliance posture.

The tasks feature offers automation by gathering all the compliance items associated with a renewal or reminder date, and displays them on a timeline broken out by month. It also offers customization for your specific needs by allowing you to create and manage your own tasks.

The Tasks navigation sits below your dashboard in the main navigation menu, enabling you to access it from anywhere within the application.

On the left hand side of the screen, you’ll see an overview of the number of all the tasks in each month within a given year. This gives you a way to see how your tasks are spread across months. When a month contains past due tasks, the number will turn red.

On the right side of the screen, you’ll see each individual task laid out on a timeline. Each month, your tasks are grouped by task type. The task types include:

Note: Since evidence files uploaded manually to a control do not have any owner associated with them, you will not see an owner surfaced on the task timeline.

There are 3 types of automated tasks; Policy Renewals, Evidence Renewals, and Vendor Reminders. Automated tasks are color-coded in yellow.

Expanding each automated task group reveals individual tasks. When clicking the review button, it takes you to the area of the application where each task is managed. For instance, clicking on the task above will take you straight to the “Business Continuity Plan” policy, where you can manage that policy.

As you manage your tasks and update their renewal or reminder dates, they will move in the timeline according to the date you set. In this way, an automated task is considered "done" once a new renewal date is set.

There are 3 types of custom tasks; general tasks, control tasks, and risk tasks. General tasks are simply any task that you create in Drata yourself. Control Tasks are tasks you create that can be assigned to a specific control. Tasks you input into Drata are color-coded in blue.

The tasks you add will be gathered together in a their own categories within each month on the task timeline.

The tasks you add into Drata can be marked complete when the work by the task owner is done. They can also be deleted in entirety, or marked incomplete if necessary.

Control tasks are created by assigning the task to a control either before or after the task is created.

Control Tasks can be managed within the control itself as well.

If you have our Risk Management feature, you can also add tasks on a per Risk basis, similarly to how you add tasks to risks.

The Risk Management feature comes with an additional user role, the Risk manager. Risk managers will see a filtered view of the Task Timeline, only showing tasks associated with Risks. Conversely, the Information Security Leads will not see Risk Tasks on the task timeline, as they cannot access the Risk Management tool.

If you have tasks assigned to you in the following month, you'll receive a notification on the 15th of the month. You will not receive an email if you have no tasks assigned to you, or if the tasks assigned to you for next month are already complete. If you do not want to receive this email, it can be managed in your notification settings.

If you have our Workspaces featured enabled for your account, there are some specific things you need to know about managing tasks.

First, tasks are workspace specific. This applies to both automated and custom tasks. If there is a piece of manually uploaded evidence or a report, it will only show up on the task timeline specific to that workspace. If you create a task on the task timeline within one workspace, it will only appear in that workspace. Since policies and vendors are company-wide compliance objects, they will appear across all task timelines.

Next, since the task timeline is workspace specific, it also knows which users with the Workspace Manager role can be created and filtered within each workspace.

Since the Risk Management tool only applies to the primary workspace, risk tasks can only be created for the primary workspace as well.

We are always looking for feedback on how we can improve! If you have feedback on how tasks can better serve your workflow, please let us know. Click on the question mark icon in the upper right corner of Drata and select "Roadmap, ideas, and releases" to give us feedback directly.