Staying ahead of upcoming tasks is essential for maintaining your compliance posture. Plan for upcoming tasks based on dates or triggers such as evidence, policies, vendors, and other tasks unique to your specific compliance program.
Prerequisite
To verify who has access to this page, refer to Role Administration & RBAC.
Task overview
Tasks help you manage upcoming items to proactively stay on top of your compliance posture. You can also create and manage custom tasks to suit your specific needs.
The Tasks page displays all items with renewal or reminder dates on a monthly timeline. Within each month, your tasks are grouped by task type. The task types include:
Policy Renewals (automated)
Evidence Renewals (automated)
Vendors Reminders (automated)
General
Controls
Risk Management
Under Tasks by month section, there is an overview of all the number of tasks you have within each month. This gives you a way to see how your tasks are spread across months. When a month contains past due tasks, the number will turn red.
Manage automated tasks
There are 3 types of automated tasks: Policy Renewals, Evidence Renewals, and Vendor Reminders. Automated tasks are color-coded in yellow.
Expanding each automated task group displays the individual tasks. Selecting the Review button for a task, you are redirected to the area of the application where each task is managed. For example, selecting a task related to the Business Continuity Plan policy will take you to where you can manage that policy.
As you manage your tasks or update their renewal or reminder dates, the timeline will update, placing tasks with the updated date.
An automated task is considered "done" once you set a new renewal date.
Manage custom tasks
There are three types of custom tasks: general, control, and risk. Custom tasks are color coded in blue.
You can mark tasks complete when the task owner is done, delete task, or mark task incomplete if necessary.
Control tasks can be managed within the control itself. Control tasks are created by mapping or assigning the task to a control either before or after the task is created.
Risk Management tasks
Note: Risk Management is part of the Advanced package and is separate from Risk Assessment. Learn more at https://drata.com/plans. Please contact your CSM or Support if you're interested in learning more and adding Risk Management to your account.
If you have our Risk Management feature, you can also add tasks on for each risk.
Go to Risk Management page.
Select the desired risks.
On the Risk drawer, scroll down to the Tasks section and select Create task.
Enter the task details such as title, description, task owner, and due date.
The Risk Management feature includes an additional role, Risk Manager. Risk Managers can view a filtered timeline on the Tasks page, showing only tasks associated with risks.
Information Security Leads cannot view risk tasks on the timeline shown on the Tasks page, as they do not have access to the Risk Management tool.
Task notifications
If you have tasks assigned to you in the following month, you'll receive a notification on the 15th of the month. You will not receive an email if you have no tasks assigned to you, or if the tasks assigned to you for next month are already complete.
If you do not want to receive this email, it can be managed in your notification settings. Depending on your role, you may not have access to the notifications settings page.
Select your user account to go to the Settings page.
Select Notifications.
Enable Monthly reminder for upcoming tasks.
Tasks and Workspaces
If you have our Workspaces featured enabled for your account, there are some specific things you need to know about managing tasks.
Tasks are workspace specific. This applies to both automated and custom tasks. If there is a piece of manually uploaded evidence or a report, it will only show up on the task timeline specific to that workspace. If you create a task on the task timeline within one workspace, it will only appear in that workspace. Since policies and vendors are company-wide compliance objects, they will appear across all task timelines.
Next, since the task timeline is workspace specific, it also knows which users with the Workspace Manager role can be created and filtered within each workspace.
Since the Risk Management tool only applies to the primary workspace, risk tasks can only be created for the primary workspace as well.
Feedback about task management
We are always looking for feedback on how we can improve! If you have feedback on how tasks can better serve your workflow, please let us know. Select on the question mark icon in the upper right corner of Drata and select Roadmap, ideas, and releases to give us feedback directly.