Drata

With Drata, you can efficiently conduct security reviews for your vendors directly from their profile's Security Reviews tab.

Go to the Security Reviews tab to view past reviews, including SOC reviews.

Select New Review. You can choose to start a security review, SOC report review, or upload a completed review report.

1. Navigate to the Vendors page.
2. Select the desired vendor.
3. Go to the Security Reviews tab to view past reviews, including SOC reviews.
4. Select New Review. You can choose to start a security review, SOC report review, or upload a completed review report.

Select Security Review and enter vendor details.

Add relevant files like SOC 2 reports, send questionnaires through Drata, or manually upload responses.

- For questionnaires sent and received through Drata, select View to examine the responses.
- If enabled, view <a href="https://help.drata.com/en/articles/9130254-ai-summaries-for-vendor-questionnaire-responses">AI summaries of uploaded questionnaires</a>.

Add final observations and select a security decision: Approve, Approve with Exceptions, or Reject.

Select Mark Review as Complete to view an overview and download the summary for colleagues. Re-open the review if needed.

1. Select Security Review and enter vendor details.
2. Add relevant files like SOC 2 reports, send questionnaires through Drata, or manually upload responses.
 - For questionnaires sent and received through Drata, select View to examine the responses.
 - If enabled, view <a href="https://help.drata.com/en/articles/9130254-ai-summaries-for-vendor-questionnaire-responses">AI summaries of uploaded questionnaires</a>. 
3. Add final observations and select a security decision: Approve, Approve with Exceptions, or Reject.
4. Select Mark Review as Complete to view an overview and download the summary for colleagues. Re-open the review if needed.

If your Security Review deadline falls within 90 days of your review completion date, the deadline will be automatically adjusted based on your review frequency, if you have a recurring review frequency set up. 

For example, if you complete a review on June 10th with a June 25th deadline and a 6-month review frequency, the new deadline is December 25th (6 months from the original deadline).

Select SOC Report Review to begin. Use the vendor’s SOC 2 report for reference and fill out each section according to the guidance <a href="https://help.drata.com/en/articles/7065036-reviewing-your-vendors-soc-2-reports-using-drata">here</a>.

- You can Save and Close to continue later. 
- Note: You cannot start a new SOC report review for the vendor until the current review is completed or deleted.

Once completed, select Finish Review.

1. Select SOC Report Review to begin. Use the vendor’s SOC 2 report for reference and fill out each section according to the guidance <a href="https://help.drata.com/en/articles/7065036-reviewing-your-vendors-soc-2-reports-using-drata">here</a>.
 - You can Save and Close to continue later. 
 - Note: You cannot start a new SOC report review for the vendor until the current review is completed or deleted.
2. Once completed, select Finish Review.

If you have a review report completed outside of Drata, you can select Upload review report to upload and store it in the vendor’s profile.

Start a Security Review

Create a Security Review

Create a SOC Report Review

Upload review report