Understand the Drata Platform

Training videos (login required) and step-by-step guides for all Drata features

226 articles

Quick Start

Quick Start Guide (New Experience)Get started with Drata by following the Quick Start guide to set up core integrations, configure compliance workflows, and reach initial compliance value quickly.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Dashboard

Dashboard overview (New Experience)Get an overview of the Drata Dashboard, including compliance readiness, alerts, test trends, tasks, and key risk indicators.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Connections

Connect your HRIS to DrataLearn how to connect HRIS providers to Drata and the available HRIS providers.

GitHub Access: Should I use my personal account or a new company account?Use your personal GitHub account, but add your work email and set proper notification routing

GitHub Rulesets IntegrationHow does Drata support GitHub rulesets

GitLab MFA configurationsGitLab MFA options for GitLab.com and Self-managed

Partner Connections: Expanding Compliance with External Tools

Understanding Connections in Drata (New Experience)Connections in Drata integrate your identity, HRIS, infrastructure, and development tools to automate evidence collection and continuously support compliance.

Manage connected infrastructure accounts (New Experience)Drata’s Infrastructure page shows synced cloud accounts, links them to personnel, tracks access revocation, and displays read-only MFA and access indicators for compliance monitoring.

Link accounts to personnel in Drata (New Experience)Learn how to link accounts to personnel in Drata, handle service and system accounts and mark accounts out of scope.

Manage connected version control (New Experience)Learn how Drata displays and evaluates version control access, including write access, merge permissions, and MFA status

Ad-hoc identity and account resync (New Experience)Learn how to manually resync identity and account data in Drata to immediately reflect access and personnel changes.

Integrate Multiple Identity and HRIS Connections (New Experience)You can connect multiple identity providers (IdPs) and HRIS systems to streamline personnel compliance management.

How Drata Uses HRIS Data (New Experience)This article explains how Drata connects to HRIS systems, what employee data is accessed, how that data is stored and used, and what options are available if no HRIS integration…

Multiple MDM Support (New Experience)Connect multiple MDM providers to Drata to monitor devices across systems with automatic syncing and clear data priority rules.

Custom Connections and Tests_{5 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{6 articles}

Controls

Manage Scope and Exclusions in Drata

Assess and Manage Individual Controls (New Experience)

Create, Edit, and Manage Controls (New Experience)

Manage Required Approval and Control Readiness (New Experience)Learn the stages of required approvals and how to setup or delete required approvals.

Manage Notifications for Required Approvals and Control Updates (New Experience)

Apply Default Mappings for Controls (New Experience)

Mark Controls In or Out of Scope (New Experience)

Export Control-to-Requirement Mappings (New Experience)

Revert a Control to Drata’s Latest DCF Template (New Experience)

Map evidence and policies to controls (New Experience)

Import or Update Controls in Bulk (New Experience)

The Drata Control Framework_{2 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{18 articles}

Monitoring

Exclusions vs. Disabling a Test (Concept Guide)When should you use each option within Drata?

Resolve SSL/TLS Compliance Testing Issues in Drata

Excluding Infrastructure resourcesExclusions in Drata let you exclude specific resources or test findings from compliance monitoring to reduce noise, manage audit scope, and focus on relevant evidence.

Exclusion labels within GCPImplementing exclusion labels for specific resources

Exclusion tags within AWSImplementing exclusion tags for specific resources

Exclusion tags within AzureImplementing exclusion tags for specific resources

DratabotHow to verify the Dratabot

Monitoring Overview (New Experience)Learn how to use Monitoring in Drata to review test results and maintain continuous audit readiness.

Manage Tests in Monitoring Page (New Experience)Learn how to run, enable, disable, publish, or export one or more tests in Drata’s Monitoring page.

Filter and search tests in Monitoring (New Experience)Learn how to filter, search, and narrow tests in Drata’s Monitoring page to quickly find results, review findings, and resolve compliance gaps.

View and Manage Test Details (New Experience)Learn how to use the test details page in Drata Monitoring to investigate test results, remediate issues, manage exclusions, and understand how tests impact control readiness and compliance.

Map tests to controls (New Experience)Manually map tests to controls to ensure monitoring results accurately reflect how your controls are implemented.

Disable a test (New Experience)Disable a test when the test itself does not apply to your environment or when the control is monitored outside of Drata.

Enable AI Summaries for Tests (New Experience)Learn how to enable AI-powered summaries for failed custom tests in Drata’s Monitoring page, generate explanations for failures, and streamline issue resolution.

Download Audit Evidence for a Custom Test (New Experience)

Test Library (New experience)

Identify and Add Missing Azure Permissions for DrataUnderstand why Drata Azure tests fail and how to add the required Microsoft Graph API and Azure RBAC permissions to restore monitoring.

Identify and Add Missing AWS Permissions for Drata

Identify and Add Missing GCP Permissions for Drata

Exclude findings from tests (New Experience)Use this article to exclude specific items from a compliance test when the test does not apply to those items.

Custom Tests_{6 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{12 articles}

Evidence

Example Evidence for Not Monitored Controls Linked to Policies

Limited Private Beta - Drata Evidence Library SyncSync frequently-requested compliance and security documents from Drata's Evidence Library to SafeBase.

Evidence Overview (New Experience)Centralize, manage, and track audit-ready evidence across controls with Drata’s Evidence.

Delete Evidence (New Experience)

Create Evidence (New Experience)

Evidence Renewal Date (New Experience)

Add Jira Tickets as Evidence (New Experience)Use Jira tickets as evidence to demonstrate how compliance and security work is tracked and completed.

Manually Export Evidence Data from Drata (New Experience)

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{6 articles}

Policy Center

Linking directly to specific employee security policiesEmbedding links to Drata policies in other tools or locations

Manage and Configure Policy Controls in Drata

Managing Policies Synced from Confluence in Drata

Configure Policies to Support Compliance Test Completion in Drata

Policy Center overview (New Experience)Use the Policy Center to manage the policies required for audit readiness and ongoing compliance. From a single place, you can create, edit, review, approve, publish, and track policies throughout…

View and edit a policy (New Experience)This article explains who can edit a policy, how to make updates, and how approvals and versioning work in the new experience.

Add comments in your policy (New Experience)This article explains when you can comment or edit a policy, how comments work, and how Policy Owners manage edits during reviews.

Understanding the approval process (New Experience)This article explains how policy approvals work, how to configure approvers, and how to publish a policy once approval is complete.

Create a policy (New Experience)This article explains how to create a custom policy and replace an existing Drata template.

Archive and restore policies (New Experience)This article explains when policies can be archived, why some policies can’t be archived, and how to restore archived or replaced policies.

Delete a policy Draft (New Experience)

Manage policy renewals (New Experience)

Assigning policies to specific groups (New Experience)

Creating an SLA for employee onboarding completion (New Experience)Use this article to understand and configure the onboarding grace period that determines when compliance tests begin evaluating new personnel.

External Policy: Use BambooHR to manage your policies (New Experience)Use this workflow if your organization manages policies and acknowledgments in BambooHR and uses Drata for audit evidence and control mapping.

External Policy: Use Confluence or Notion to manage your policiesUse this workflow if your organization manages policy content in Confluence or Notion and uses Drata as the system of record for audit evidence and control mapping.

Policy owner notifications (New Experience)

Map policies to controls in Drata (New Experience)Mapping policies to controls allows Drata to evaluate control readiness and run policy-related compliance tests.

Download your Policies (New Experience)

AI-powered control suggestions for policiesUse AI suggestions to map policies to controls, reduce manual work, and keep compliance mappings accurate and up to date.

Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{17 articles}

Personnel

Confirm your personnelConfirm personnel hold the correct status in Drata

Why active employees may appear as former employees in Drata? (Concept Guide)Use this article to understand why active employees may appear as Former Employee or not appear in the Personnel list in Drata.

Populating and Managing Personnel Data in Drata (Concept Guide)How Drata uses data from your HRIS to supplement personnel information

Identity sync updates in DrataUnderstand when personnel, user, and device changes will show in Drata

Personnel Overview (New Experience)Learn how to navigate Drata’s Personnel page, filter and view employee compliance data, and export records for audit readiness.

Personnel exclusions (New experience)Use this article to create and manage personnel exclusions in the new experience.

Send reminder email to personnel (New Experience)Use this article to send reminders to personnel who haven’t completed required onboarding items in Drata.

Resume IdP and HRIS syncs for personnel (New Experience)Use this article to resume syncing personnel details from your connected identity provider (IdP) or human resources information system (HRIS).

Reset recurring personnel trainings (New Experience)Reset configure recurring reset schedules. Some trainings must be completed on a recurring basis (such as Security Awareness, HIPAA, or AI Awareness) to maintain compliance and demonstrate ongoing security awareness.

Mark personnel as Out of Scope (New Experience)

Personnel Offboarding Evidence (New Experience)Learn how to upload or automate offboarding evidence for former employees in Drata using files or Jira tickets.

Bulk Import Personnel Training Records (New Experience)Upload training completion records for multiple personnel at once using a CSV or Excel file.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{8 articles}

Assets

Understanding Device Linking, Removal, and Visibility in DrataLearn how unlinking or removing a device affects compliance in Drata and follow troubleshooting steps if a device is missing from the Assets or Personnel pages.

Virtual Asset Population: AWSDrata automatic population of Virtual Assets

Azure Virtual Asset

GCP Virtual AssetsLearn how to automate your GCP asset inventory, how to mark assets our of scope, and how Drata automatically assigns asset owner.

Assets (New Experience)

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Vulnerabilities

Vulnerabilities (New Experience)

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Vendors

Integrate Zip with Drata Vendor Management (Custom Integration)

Vendors overview in Drata (New Experience)

Vendor risks (New Experience)

Vendor insights (New Experience)

Add a prospective vendor (New Experience)Use prospective vendors to evaluate third parties before onboarding.

Vendor suggestions (New Experience)

Create and Manage Vendor Questionnaires (New Experience)

Start and manage security reviews for your vendors (New Experience)

Vendor Automated Impact Assessment (New Experience)

Customize the vendor questionnaire email subject line (New Experience)Only in the New experience, you can customize the subject line used for vendor questionnaire emails.

Secure Questionnaire Automation (SQA) Beta Sunset NoticeSecure Questionnaire Automation (SQA) Beta will officially sunset on April 30, 2026.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{8 articles}

Risk

Getting started with a risk assessment (Concept Guide)Understanding how to apply risk management principles to Drata’s Risk Management Standard offering

Your First Risk Assessment: A Step-by-Step Guide (Concept Guide)New to risk assessments? This help article walks you through it, one simple step at a time.

Integrating Fraud Risk into Your Risk Assessment (Concept Guide)How to incorporate fraud risk into your organization’s standard risk assessment approach.

Understanding the Drata Risk RegisterNavigate Your Risk Landscape: Explore Drata's Risk Register Headers

Risk Treatment Plan GuidanceRisk Assessment Results and Treatment Plan

Risk Management overview (New Experience)

Assess and Manage Individual Risks (New Experience)

Drata's Risk Library (New Experience)

Add and View Residual Risk in the Risk Register (New Experience)

Streamlined Risk Register Set Up (New Experience)

Custom Formulas for Risks (New Experience)

Risk insights overview (New Experience)

Import Risk in Bulk (New Experience)Custom risks can be uploaded quickly using our guided import flow, making it simple to bring your existing risk inventory into Drata.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{7 articles}

Events

Events Overview (New Experience)

Annotate an event (New Experience)You can add notes to an event to provide additional context for auditors or internal reviewers. Notes are attached directly to the event and become part of the event’s audit…

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{2 articles}

Access Review

Example Access Review Procedure

User Access Reviews for Microsoft 365Ensure the following prerequisites are met before setting up Microsoft 365 for user access reviews.

Run an Access Review (New Experience)Access Reviews help you review and validate user access across connected applications.

Add an Application Manually for Access Reviews (New Experience)

Download Access Review Evidence and Review Details

Upload or Update Personnel Data for Access Reviews (New Experience)

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}