All Collections
Compliance
Do cloud-hosted systems need Contingency Plans?
How to Determine Key Vendors to include in Drata
Example Access Review Procedure
Required Documentation for PCI DSS
Offboarding Checklist
GDPR: Where do I Start?
ISO 27001 Checklist
Vulnerability Scanning Guidance
Free Security Tools for Startups
Example Business Continuity Plan
How do Bring Your Own Device (BYOD) Devices Affect my Audit?
How to Handle Device Compliance for Chromebooks
SOC 2 System Description
Example Evidence for Not Monitored GDPR Controls
How to Adjust Controls When you don’t have a Board of Directors
Example Evidence for Not Monitored PCI DSS Controls
Acceptable Use Policy Guidance
Asset Management Policy Guidance
Backup Policy Guidance
Business Continuity Plan Guidance
Code of Conduct Guidance
Transition Guidance for ISO 27001:2013 to ISO 27001:2022
Example Threat Assessment Plan
Question to ask a Potential ISO 27001 Certification Body (i.e. Auditor)
Does Drata Have a Privacy Policy Template?
Reviewing Your Vendors' SOC 2 Reports Using Drata
Data Classification Policy Guidance
ISO 27001:2022 Example ISMS Plan
ISO 27001:2013 Example ISMS Plan
System Access Control Policy Guidance
Password Policy Guidance
Terms of Service Guidance: DCF-63 and DCF-66
Data Retention Policy Guidance
Responsible Disclosure Policy Guidance
Physical Security Policy Guidance
ISO 27001 Certification Review Template
Vendor Management Policy Guidance
Example Completed Data Classification Table
Encryption Policy Guidance
Disaster Recovery Plan Guidance
Incident Response Plan Guidance
Information Security Policy Guidance
Are Contractors in Scope for my Audit?
SOC 2 Trust Services Categories Overview
Policy Acknowledge Grouping
Roles and Responsibilities Guidance
SOC 2 Background Checks FAQs
Business Continuity Plan - Appendix A: Business Impact Analysis
Security Engineering Principles
Questions to ask a potential SOC 2 auditor
Annual Compliance Review
What to look for when reviewing your draft SOC 2 report
Are we required to have an independent Board of Directors?
Example Evidence for Not Monitored Controls (SOC 2, ISO 27001, HIPAA)
Policies to Framework Summary
Vulnerability Management Policy Guidance
Software Development Lifecycle (SDLC) Policy Guidance
Example Evidence for Not Monitored Controls Linked to Policies
ISO 27001 Background Check FAQs
Risk Assessment Policy Guidance
SOC 2 Checklist
Data Protection Policy Guidance
SOC 2 Type 1 vs Type 2: Which Audit Type Should I Choose
Company Information Fields FAQs
Change Management Policy Guidance
Example Evidence for Not Monitored NIST 800-53r5 Controls
5 Tips for getting started on your Drata policies!
Evidence Library
Example Evidence Gitlab On-Prem