Background
Filling in your Company Information is important in Drata after you have successfully connected your systems. To begin, navigate to Settings -> Company Info.
What are the Company Information Fields for?
The Company Information Fields serve two purposes:
Provides an overview of your company and your product/s, which may be used by your auditor and/or customers to understand what your company does and what you are offering
Helps satisfy a few Drata controls as some of the Company Information Fields are part of what is being inspected by some of our Monitoring Tests
Company Information Fields
Email Domain - the Email Domain field is referring to the primary domain used by your company for your website and email addresses. This field is associated with Test: SSL/TLS Enforced on Company Website, which helps satisfy control DCF-55: SSL/TLS Enforced.
Common Name - the Company Name is the name you go by in your day-to-day operations, such as your “dba” name. The Company Name in the policies was seeded from the Common Name when the tenant was first created.
**Please note: If the common name is updated in the UI, the policies will not update to reflect that change. You can either manually update the policies to reflect what you entered, or we can open a ticket on our side to change it in the backend, which should update everything for you.
Full Legal Name - the Full Legal Name field is referring to your organization’s official name that is recognized by legal documents and authorities.
Incorporation / Founding Year - the Incorporation / Founding Year field is looking for the year when your company was officially and legally established.
Phone Number - the Phone Number field is looking for the primary phone number that your company uses to directly receive calls from stakeholders, clients, and partners.
Company Description - the Company Description field focuses on providing high-level information about the company and what you do.
Mailing Address - the Mailing Address field is referring to the physical location where the company operates and/or receives correspondence, packages, and mail. We recommend filling this field out with specific information such as:
PO Box (if applicable)
Street Name
Suite or Apt Number
City
State
Postal Code
Country
Privacy Policy URL - the Privacy Policy URL field is looking for your publicly available Privacy Policy that details your company’s confidentiality and privacy commitments to your customers. This URL field is associated with Test: Privacy Policy Publicly Available, which helps satisfy control DCF-65: Maintains a Privacy Policy.
Terms of Use URL - the Terms of Use URL is looking for your publicly available terms of service where you outline your organization’s security and availability commitments to your customers. This URL field is associated with Test: Terms of Service Publicly Available, which helps satisfy control DCF-66: Maintains a Terms of Service.
**Please note: In cases where a Terms of Service is not applicable or not publicly available, you can disable the test and upload a copy of your contract template directly to the control. For more information, please see Terms of Service Guidance: DCF-63 and DCF-66.
Support/Help URL - the Support/Help URL will help you demonstrate that your customers can reach out to you should they need to submit things like questions, complaints, potential security issues, etc. This URL field is associated with Test: Contact Information Available to Customers, which helps satisfy control DCF-8: Disclosure Process for Customers.
Security/Compliance Email - the Security/Compliance Email is referring to the email address that your customers can use to report security issues to you or contact your security/compliance team. This is best positioned on your website, but it can also be indicated in your contracts with your customers. This email may be [email protected] or [email protected].
**Please note: The email address entered in this field will be used by Trust Center to receive notifications and requests to access Trust Center documents and reports. We recommend separating this from your generic support email.
Sample MSA (Master Service Agreement) - This is to show that you have formal agreements in place with customers explaining your commitments to them and what they are responsible for. In lieu of a Master Service Agreement, you can use other contracts such as Terms of Service, Service Agreement, Statement of Work, etc. This is associated with Test: MSAs Offered to Customers, which helps satisfy control DCF-64: Commitments Explained to Customers.
**Please note: If you have multiple products, you can upload one here and upload the rest directly to DCF-64: Commitments Explained to Customers, under Map External Evidence.