Drataverse | Drata’s Inaugural User and Compliance Summit
Learn. Grow. Improve.
In the fifth episode of our Compliance Uncomplicated podcast, Max Glynn—Information Security Manager at Nemean Services, recently promoted to Information Risk Assurance Manager for the entire MITMARK group—joins us to discuss digital asset security, continuous compliance, and what it takes to lead your company to information security success. Drata’s Rick Stevenson, Manager of Cybersecurity Risk Management and Compliance, Helina Medhin, Senior Community Strategist, and I go on a deep dive with Max on how to take an InfoSec approach to securing your company, and how Nemean Services walks the walk. Got a question for Max? Let’s continue the conversation below 👇
Got a question for Eden Data’s Taylor Hersom? Drop it below to be featured in our next Ask Me Almost Anything episode. 🚀 Ask Me Almost Anything is a series that goes behind the scenes with today’s industry thought leaders. We’ve got our own questions of course, but it’s even better when we hear directly from you!
Moving “to the cloud” doesn’t free your organization from information security or data privacy concerns. In fact, you will face new risks as third-party vendors replace your on-premises systems. Controlling those cloud risks is easier when you adopt security frameworks like ISO/IEC 27001 or SOC 2. Check out this article to learn about the importance of cloud compliance. And share your best practices to improve your organization’s security in the cloud below for a chance to win 🏆 a pair of AirPods on us! 👀 🎧
Check out this video to explore ways to interact with Drata’s Open API. Partner Solutions Engineer Ted Ghaffarian walks us through downloading the publicly available API collection and using the API collection software, Postman, to automate posting functions. We’ll also learn more about Tines, workflow automation software. Add your questions and thoughts below 👇 Two Ways to Interact with Drata's Open API
A vendor management policy defines a consistent process for controlling the risks you face whenever your business works with third parties. Any interactions between your systems and those of your suppliers, customers, and contractors could open pathways through your security defenses. Controlling these risks improves security and compliance, but only if you plan ahead. Check out the full article to learn what you need to know about creating a vendor management policy. And share your thoughts with us below 👇
Compliance audits are chaos engines. Every six to 12 months, people get pulled from their core duties. Newly discovered compliance gaps send everyone scrambling for fixes. With deadlines approaching, the best fix takes a back seat to the quickest fix. Audit complete, everyone returns to their jobs. But who knows what issues are simmering beneath the surface? Seasonal chaos is not the path to compliance. Automation opens a more sustainable course. This article will explain how continuous compliance is a less disruptive option—especially for today’s cloud-based architectures. Read the full article here, and comment below 👇 how you achieve continuous compliance.
The SOC 2 system description describes the boundaries of your SOC 2 report and includes important information about the people, processes, technology, and controls that support your service or product. Check out this article that walks you through our recommendations to help make producing this document a smooth process.
Good day, where can I get a gap assessment tool set?
With the new ISO rules, this is a great opportunity to discuss how to build a threat intel program.
Title: ISO 27001: Putting Threat Intelligence Into Action
Presenter: Neal Dennis, Ex-NSA, current Threat Intelligence Analyst
In today's fast-evolving threat landscape, building a robust threat intelligence strategy is crucial for organizations to mitigate the risk of cyberattacks and data breaches. In this session, I'll discuss developing a comprehensive threat intelligence program that aligns with the new ISO 27001:2022 standard. We will also examine the benefits of using threat intelligence to enhance an organization's security posture, including detecting, preventing, and responding to cyber threats.
Key takeaways:
Understanding the ISO 27001:2022 standard and how it relates to threat intelligence: We will explore the key changes in the latest version of the ISO 27001 standard and how threat intelligence can help organizations comply with these requirements.
Building a threat intelligenc
So excited for Drataverse! Here’s my idea for a fun, informative live panel below.
Title: Compliance Uncomplicated Live
Type: Live Panel
Description: Drata’s podcast, Compliance Uncomplicated, is focused on how companies and other brands are building trust with customers, scaling their business, and building a culture of security through compliance. I’m proposing we host an episode of Compliance Uncomplicated LIVE where audience members can interact and ask questions during the live session.
By attending this live panel you’ll:
Hear firsthand from peers on how they’re using compliance to accelerate business goals
Come away with a greater understanding of how compliance can be a business driver for your organization
Get tips on how other companies are cementing a security-first company culture and how your organization can do the same
Hey all! I know there can be a lot of stigma around audits, but it’s definitely possible to have a positive experience in this arena.🤓 Check out this article for Drata’s expertise on handling an audit. And for the chance to win a brand new pair of Apple airpods 🎶🎧, vote on the poll below & share your audit questions and comments below! 👇🏽 Entries will be accepted until December 23rd at 10AM PST.
Hey, I would like to better understand Risks and Issues please. My understanding is that the former is a potential future loss event and the latter is a weakness/vulnerability/control gap etc. that usually comes out of audits/assessments. If that’s correct, I have some additional questions:
Do you maintain separate registers for them?
Is it fair to say that most issues have (or can have) a corresponding risk entry in the risk register? e.g. The lack of/inadequate DLP controls can have an entry in the issue register and also the risk register (as a data leakage risk scenario).
If the above statement and example is true, why can’t we just capture issues (control gaps/findings) as risks in the risk register (instead of issues in a separate register)? Is it because we don’t want the risk register to become really big with lots of entries? Or because of other reasons too?
Many thanks in advance.