Compliance
These articles provide guidance, questions, and example plans for various compliance frameworks.
Does Drata Have a Privacy Policy Template?
Example Evidence for Not Monitored PCI DSS Controls
Example Completed Data Classification Table
How to Adjust Controls When you don’t have a Board of Directors
Do cloud-hosted systems need Contingency Plans?
How to Determine Key Vendors to include in Drata
Example Access Review Procedure
Required Documentation for PCI DSS
Offboarding Checklist
Terms of Service Guidance: DCF-63 and DCF-66
GDPR: Where do I Start?
Free Security Tools for Startups
How do Bring Your Own Device (BYOD) Devices Affect my Audit?
How to Handle Device Compliance for Chromebooks
Example Evidence for Not Monitored GDPR Controls
Are Contractors in Scope for my Audit?
Policy Acknowledge Grouping
Business Continuity Plan - Appendix A: Business Impact Analysis
Security Engineering Principles
Annual Compliance Review
Are we required to have an independent Board of Directors?
Policies to Framework Summary
Company Information Fields FAQs
5 Tips for getting started on your Drata policies!
Evidence Library
Example Evidence Gitlab On-Prem
Acceptable Use Policy Guidance
Asset Management Policy Guidance
Backup Policy Guidance
Business Continuity Plan Guidance
Example Business Continuity Plan
Change Management Policy Guidance
Code of Conduct Guidance
Data Classification Policy Guidance
Data Protection Policy Guidance
Data Retention Policy Guidance
Disaster Recovery Plan Guidance
Encryption Policy Guidance
Information Security Policy Guidance
Incident Response Plan Guidance
Password Policy Guidance
Physical Security Policy Guidance
Responsible Disclosure Policy Guidance
Risk Assessment Policy Guidance
Roles and Responsibilities Guidance
Software Development Lifecycle (SDLC) Policy Guidance
System Access Control Policy Guidance
Example Threat Assessment Plan
Vendor Management Policy Guidance
Vulnerability Management Policy Guidance
Vulnerability Scanning Guidance
SOC 2 Type 1 vs Type 2: Which Audit Type Should I Choose
SOC 2 Checklist
Questions to ask a potential SOC 2 auditor
SOC 2 System Description
SOC 2 Trust Services Categories Overview
SOC 2 Background Checks FAQs
What to look for when reviewing your draft SOC 2 report
Reviewing Your Vendors' SOC 2 Reports Using Drata