System Access Control Policy Guidance
Acceptable Use Policy Guidance
Asset Management Policy Guidance
Backup Policy Guidance
Business Continuity Plan Guidance
Code of Conduct Guidance
Example Threat Assessment Plan
Question to ask a Potential ISO 27001 Certification Body (i.e. Auditor)
Does Drata Have a Privacy Policy Template?
Reviewing Your Vendors' SOC 2 Reports Using Drata
Data Classification Policy Guidance
Example Evidence for Not Monitored PCI DSS Controls
Password Policy Guidance
Terms of Service Guidance: DCF-63 and DCF-66
Data Retention Policy Guidance
Responsible Disclosure Policy Guidance
Physical Security Policy Guidance
Vendor Management Policy Guidance
Example Completed Data Classification Table
Encryption Policy Guidance
Disaster Recovery Plan Guidance
Incident Response Plan Guidance
Information Security Policy Guidance
How to Adjust Controls When you don’t have a Board of Directors
Do cloud-hosted systems need Contingency Plans?
How to Determine Key Vendors to include in Drata
Example Access Review Procedure
Required Documentation for PCI DSS
Offboarding Checklist
GDPR: Where do I Start?
Free Security Tools for Startups
Example Business Continuity Plan
How do Bring Your Own Device (BYOD) Devices Affect my Audit?
How to Handle Device Compliance for Chromebooks
SOC 2 System Description
SOC 2 Trust Services Categories Overview
SOC 2 Background Checks FAQs
SOC 2 Checklist
SOC 2 Type 1 vs Type 2: Which Audit Type Should I Choose
Questions to ask a potential SOC 2 auditor
What to look for when reviewing your draft SOC 2 report
Transition Guidance for ISO 27001:2013 to ISO 27001:2022
Example Evidence for Not Monitored GDPR Controls
Vulnerability Scanning Guidance
Are Contractors in Scope for my Audit?
Policy Acknowledge Grouping
Roles and Responsibilities Guidance
Business Continuity Plan - Appendix A: Business Impact Analysis
Security Engineering Principles
Annual Compliance Review
Are we required to have an independent Board of Directors?
Policies to Framework Summary
Vulnerability Management Policy Guidance
Software Development Lifecycle (SDLC) Policy Guidance
Risk Assessment Policy Guidance
Data Protection Policy Guidance
Company Information Fields FAQs
Change Management Policy Guidance
5 Tips for getting started on your Drata policies!
Evidence Library
Example Evidence Gitlab On-Prem