Understand the Drata Platform

Training videos (login required) and step-by-step guides for all Drata features

259 articles

Quick Start

Quick Start Guide (New Experience)Get started with Drata by following the Quick Start guide to set up core integrations, configure compliance workflows, and reach initial compliance value quickly.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Dashboard

Dashboard overview (New Experience)Get an overview of the Drata Dashboard, including compliance readiness, alerts, test trends, tasks, and key risk indicators.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Connections

Understanding Connections in Drata (New Experience)Connections in Drata integrate your identity, HRIS, infrastructure, and development tools to automate evidence collection and continuously support compliance.

Integrate Multiple Identity and HRIS Connections (New Experience)You can connect multiple identity providers (IdPs) and HRIS systems to streamline personnel compliance management.

How Drata Uses HRIS Data (New Experience)This article explains how Drata connects to HRIS systems, what employee data is accessed, how that data is stored and used, and what options are available if no HRIS integration…

Multiple MDM Support (New Experience)Connect multiple MDM providers to Drata to monitor devices across systems with automatic syncing and clear data priority rules.

Partner Connections: Expanding Compliance with External Tools

Manage connected infrastructure accounts (New Experience)Drata’s Infrastructure page shows synced cloud accounts, links them to personnel, tracks access revocation, and displays read-only MFA and access indicators for compliance monitoring.

Manage connected version control (New Experience)Learn how Drata displays and evaluates version control access, including write access, merge permissions, and MFA status

Link accounts to personnel in Drata (New Experience)Learn how to link accounts to personnel in Drata, handle service and system accounts and mark accounts out of scope.

Ad-hoc identity and account resync (New Experience)Learn how to manually resync identity and account data in Drata to immediately reflect access and personnel changes.

Connect your HRIS to DrataLearn how to connect HRIS providers to Drata and the available HRIS providers.

GitHub Access: Should I use my personal account or a new company account?Use your personal GitHub account, but add your work email and set proper notification routing

GitHub Rulesets IntegrationHow does Drata support GitHub rulesets

GitLab MFA configurationsGitLab MFA options for GitLab.com and Self-managed

Allowlist IP Addresses for WAF Configurations

Custom Connections and Tests_{5 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{6 articles}

Controls

Mark Controls In or Out of Scope (New Experience)

Manage Scope and Exclusions in Drata

Apply Default Mappings for Controls (New Experience)

Create, Edit, and Manage Controls (New Experience)

Map evidence and policies to controls (New Experience)

Assess and Manage Individual Controls (New Experience)

Manage Required Approval and Control Readiness (New Experience)Learn the stages of required approvals and how to setup or delete required approvals.

Manage Notifications for Required Approvals and Control Updates (New Experience)

Import or Update Controls in Bulk (New Experience)

Revert a Control to Drata’s Latest DCF Template (New Experience)

Export Control-to-Requirement Mappings (New Experience)

The Drata Control Framework_{2 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{18 articles}

Monitoring

Monitoring Overview (New Experience)Learn how to use Monitoring in Drata to review test results and maintain continuous audit readiness.

Understanding Test Provisioning and the Test Library (New Experience)

Test Library (New experience)

Filter and search tests in Monitoring (New Experience)Learn how to filter, search, and narrow tests in Drata’s Monitoring page to quickly find results, review findings, and resolve compliance gaps.

View and Manage Test Details (New Experience)Learn how to use the test details page in Drata Monitoring to investigate test results, remediate issues, manage exclusions, and understand how tests impact control readiness and compliance.

Manage Tests in Monitoring Page (New Experience)Learn how to run, enable, disable, publish, or export one or more tests in Drata’s Monitoring page.

Enable AI Summaries for Tests (New Experience)Learn how to enable AI-powered summaries for failed custom tests in Drata’s Monitoring page, generate explanations for failures, and streamline issue resolution.

Add tests from the Test Library to a workspace (New Experience)

Map tests to controls (New Experience)Manually map tests to controls to ensure monitoring results accurately reflect how your controls are implemented.

Download Audit Evidence for a Custom Test (New Experience)

Disable a test (New Experience)Disable a test when the test itself does not apply to your environment or when the control is monitored outside of Drata.

Exclude findings from tests (New Experience)Use this article to exclude specific items from a compliance test when the test does not apply to those items.

Exclusions vs. Disabling a Test (Concept Guide)When should you use each option within Drata?

Excluding Infrastructure resourcesExclusions in Drata let you exclude specific resources or test findings from compliance monitoring to reduce noise, manage audit scope, and focus on relevant evidence.

Exclusion labels within GCPImplementing exclusion labels for specific resources

Exclusion tags within AWSImplementing exclusion tags for specific resources

Exclusion tags within AzureImplementing exclusion tags for specific resources

Identify and Add Missing Azure Permissions for DrataUnderstand why Drata Azure tests fail and how to add the required Microsoft Graph API and Azure RBAC permissions to restore monitoring.

Identify and Add Missing AWS Permissions for Drata

Identify and Add Missing GCP Permissions for Drata

Resolve SSL/TLS Compliance Testing Issues in Drata

DratabotHow to verify the Dratabot

Custom Tests_{6 articles}

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{11 articles}

Evidence

Evidence Overview (New Experience)Centralize, manage, and track audit-ready evidence across controls with Drata’s Evidence.

Evidence Renewal Date (New Experience)

Create Evidence (New Experience)

Add Jira Tickets as Evidence (New Experience)Use Jira tickets as evidence to demonstrate how compliance and security work is tracked and completed.

Delete Evidence (New Experience)

Manually Export Evidence Data from Drata (New Experience)

Example Evidence for Not Monitored Controls Linked to Policies

Limited Private Beta - Drata Evidence Library SyncSync frequently-requested compliance and security documents from Drata's Evidence Library to SafeBase.

Sync Evidence from Drata to SafeBase Trust Library

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{6 articles}

Policies

Policy Center overview (New Experience)Use the Policy Center to manage the policies required for audit readiness and ongoing compliance. From a single place, you can create, edit, review, approve, publish, and track policies throughout…

Create a policy (New Experience)This article explains how to create a custom policy and replace an existing Drata template.

Assigning policies to specific groups (New Experience)

View and edit a policy (New Experience)This article explains who can edit a policy, how to make updates, and how approvals and versioning work in the new experience.

Add comments in your policy (New Experience)This article explains when you can comment or edit a policy, how comments work, and how Policy Owners manage edits during reviews.

Delete a policy Draft (New Experience)

Understanding the approval process (New Experience)This article explains how policy approvals work, how to configure approvers, and how to publish a policy once approval is complete.

Policy owner notifications (New Experience)

Map policies to controls in Drata (New Experience)Mapping policies to controls allows Drata to evaluate control readiness and run policy-related compliance tests.

Manage policy renewals (New Experience)

Download your Policies (New Experience)

Archive and restore policies (New Experience)This article explains when policies can be archived, why some policies can’t be archived, and how to restore archived or replaced policies.

External Policy: Use BambooHR to manage your policies (New Experience)Use this workflow if your organization manages policies and acknowledgments in BambooHR and uses Drata for audit evidence and control mapping.

External Policy: Use Confluence or Notion to manage your policiesUse this workflow if your organization manages policy content in Confluence or Notion and uses Drata as the system of record for audit evidence and control mapping.

Managing Policies Synced from Confluence in Drata

Manage and Configure Policy Controls in Drata

Creating an SLA for employee onboarding completion (New Experience)Use this article to understand and configure the onboarding grace period that determines when compliance tests begin evaluating new personnel.

AI-powered control suggestions for policiesUse AI suggestions to map policies to controls, reduce manual work, and keep compliance mappings accurate and up to date.

Configure Policies to Support Compliance Test Completion in Drata

Linking directly to specific employee security policiesEmbedding links to Drata policies in other tools or locations

Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{17 articles}

Personnel

Personnel Overview (New Experience)Learn how to navigate Drata’s Personnel page, filter and view employee compliance data, and export records for audit readiness.

Populating and Managing Personnel Data in Drata (Concept Guide)How Drata uses data from your HRIS to supplement personnel information

Identity sync updates in DrataUnderstand when personnel, user, and device changes will show in Drata

Confirm your personnelConfirm personnel hold the correct status in Drata

Mark personnel as Out of Scope (New Experience)

Personnel exclusions (New experience)Use this article to create and manage personnel exclusions in the new experience.

Bulk Import Personnel Training Records (New Experience)Upload training completion records for multiple personnel at once using a CSV or Excel file.

Bulk Import Personnel Background Checks (New Experience)Upload completed background checks for multiple personnel at once using a CSV file, instead of updating each record individually.

Send reminder email to personnel (New Experience)Use this article to send reminders to personnel who haven’t completed required onboarding items in Drata.

Reset recurring personnel trainings (New Experience)Reset configure recurring reset schedules. Some trainings must be completed on a recurring basis (such as Security Awareness, HIPAA, or AI Awareness) to maintain compliance and demonstrate ongoing security awareness.

Personnel Offboarding Evidence (New Experience)Learn how to upload or automate offboarding evidence for former employees in Drata using files or Jira tickets.

Resume IdP and HRIS syncs for personnel (New Experience)Use this article to resume syncing personnel details from your connected identity provider (IdP) or human resources information system (HRIS).

Why active employees may appear as former employees in Drata? (Concept Guide)Use this article to understand why active employees may appear as Former Employee or not appear in the Personnel list in Drata.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{8 articles}

Assets

Assets (New Experience)

Understanding Device Linking, Removal, and Visibility in DrataLearn how unlinking or removing a device affects compliance in Drata and follow troubleshooting steps if a device is missing from the Assets or Personnel pages.

Virtual Asset Population: AWSDrata automatic population of Virtual Assets

Azure Virtual Asset

GCP Virtual AssetsLearn how to automate your GCP asset inventory, how to mark assets our of scope, and how Drata automatically assigns asset owner.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Vulnerabilities

Vulnerabilities (New Experience)

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Vendors

Vendors overview in Drata (New Experience)

Vendor insights (New Experience)

Add a prospective vendor (New Experience)Use prospective vendors to evaluate third parties before onboarding.

Vendor risks (New Experience)

Vendor suggestions (New Experience)

Integrate Zip with Drata Vendor Management (Custom Integration)

Vendor Automated Impact Assessment (New Experience)

Create and Manage Vendor Questionnaires (New Experience)

Start and manage security reviews for your vendors (New Experience)

Customize the vendor questionnaire email subject line (New Experience)Only in the New experience, you can customize the subject line used for vendor questionnaire emails.

Security Questionnaire Automation (SQA) Beta Sunset NoticeSecurity Questionnaire Automation (SQA) Beta will officially sunset on April 30, 2026.

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{8 articles}

Risk

Terminology Updates: Inherent and Residual Risk in Vendor Risk ManagementTo better align with industry-standard Governance, Risk, and Compliance (GRC) frameworks, Drata has updated the terminology used within the Vendor Risk Management (VRM) experience.

Risk Management overview (New Experience)

Risk insights overview (New Experience)

Getting started with a risk assessment (Concept Guide)Understanding how to apply risk management principles to Drata’s Risk Management Standard offering

Your First Risk Assessment: A Step-by-Step Guide (Concept Guide)New to risk assessments? This help article walks you through it, one simple step at a time.

Integrating Fraud Risk into Your Risk Assessment (Concept Guide)How to incorporate fraud risk into your organization’s standard risk assessment approach.

Risk categories in DrataRisk categories in Drata help you organize, filter, and report on risks in your Risk Register.

Streamlined Risk Register Set Up (New Experience)

Import Risk in Bulk (New Experience)Custom risks can be uploaded quickly using our guided import flow, making it simple to bring your existing risk inventory into Drata.

Drata's Risk Library (New Experience)

Understanding the Drata Risk RegisterNavigate Your Risk Landscape: Explore Drata's Risk Register Headers

Assess and Manage Individual Risks (New Experience)

Add and View Residual Risk in the Risk Register (New Experience)

Custom Formulas for Risks (New Experience)

Risk Treatment Plan GuidanceRisk Assessment Results and Treatment Plan

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{7 articles}

Events

Events Overview (New Experience)

Annotate an event (New Experience)You can add notes to an event to provide additional context for auditors or internal reviewers. Notes are attached directly to the event and become part of the event’s audit…

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{2 articles}

Access Review

Add an Application Manually for Access Reviews (New Experience)

Upload or Update Personnel Data for Access Reviews (New Experience)

Run an Access Review (New Experience)Access Reviews help you review and validate user access across connected applications.

Example Access Review Procedure

User Access Reviews for Microsoft 365Ensure the following prerequisites are met before setting up Microsoft 365 for user access reviews.

Download Access Review Evidence and Review Details

Classic Drata ExperienceIf your account hasn’t been updated to the New Drata Experience yet, use these guides for step‑by‑step instructions._{1 article}

Trust Center

Set up your Trust Center to proactively share your security posture

Trust Center Essential and Pro Plans

Managing and Updating Your Trust Page

Public Trust page URL

Publishing your Public Trust page

Download reports from Trust Center

Announcements (Trust Center Pro only)

Compliance

Trust Center: Security

Policies for Trust Center

Continuous MonitoringContinuous Monitoring within Trust Center

Topics and Common Questions (Trust Center Pro only)

Privacy Details

Preview & View as Visitor

Submitting and Approving RequestsSubmitting and Approving Requests

Custom Access Length Expiration (Trust Center Pro only)

Revoking Access

Pre-Approved Email Domains (Trust Center Pro only)

Display Details

Document access managementConfigure the privacy of your more sensitive documents with an NDA, configure email notifications, and set limits on document access length.

Salesforce: Streamline your documentation access request

Streamline your documentation access requestConnect a CRM, such as Salesforce, to Drata in order to provide more context to, and streamline, document access requests.

Trust Center Analytics Dashboard

Trust Center - Web Analytics TrackingTrack Trust Center insights with your web analytics provider

Trust Center: Custom Titles and DescriptionsLearn how to customize your public Trust Center page by updating your section titles and descriptions to align with your business.

Trust Center: Reorder your sections and documentsLearn how to reorder your sections and documents on your Trust Center page to highlight key information and content for your visitors.

Security ReportDrata provides you with a security report summarizing your current status for distribution to auditors, customers or others

What should be included in the annual BCP/DR test and Incident Response test?