Eden Data's Drata 14 Day Compliance Accelerator Program

DRATA CAP

Statement of Work

Eden Data is Drata's 2023, 2024 and 2025 Partner-of-the-Year and has deep expertise implementing Information Security Programs that leverage Drata as the foundation and baseline for all infosec and compliance requirements.

See our Reviews

CAP TIMELINE

WEEK 1
Week 1: Foundational Work & Technical Setup
Auditor & Penetration Testing Selection Consultation (if needed): Discuss requirements & make vendor recommendations 
Policy Development: Begin formulating compliance-aligned policies for your core policies and upload them to Drata 
Roles and ownership: Discuss importance of Policy and Control ownership, define next steps to assign proper ownership in Drata 
Vendor Support: We will upload a vendor to your repository as an example to follow
WEEK 2
Week 2: Documentation & Review 
Tabletop Exercises: Provide template and guidance for IR & DR tabletop scenarios
System Description Document Creation: Draft and review the system description document as required
(if pursuing SOC 2) 
Project Review and Closure: Virtually conduct a thorough review of all deliverables to ensure all objectives have been met, and identify next steps with your organization to ensure you continue to achieve your compliance and/or security objectives
Touchpoint call
WEEK 3&4
Week 3/4: Finalize deliverables from the CAP SOW
* If not completed in the first two weeks, we will extend the timeline until the SOW items are completed, at which point we will offer the project review and closure
AFTER CAP
OPTION 1
Continue independently: Follow the steps in Drata to navigate the 100+ steps to achieve audit-readiness.
OPTION 2
Graduate to Sprint: Our team will handle all the heavy lifting to get audit-ready, involving you only when absolutely required.

COMPARING SERVICE OFFERINGS

Time required
Focus
Engagement
Target client
In-house resource
needs 
Duration
CAP
We support and guide you to the extent you invest time and resources during program.
Upfront Drata setup to set you up for success:

• Foundational and technical setup
• Policy adjustments
• Tabletop Exercise
• Planning
• System Description
Asynchronous + touchpoint calls
Companies with dedicated compliance resources that just need some upfront guidance
Dedicated in-house resources (e.g. CISO or CTO) needed to ensure smooth transition after CAP to achieve audit-readiness on desired timeline
14-30 days
Time required
Focus
Engagement
Target client
In-house resource
needs 
Duration
SPRINT
We handle all heavy lifting, involving you only when absolutely required.
Total Drata configuration with bespoke customization to your business and compliance objectives:
• Policy customization
• Implement or guide all controls and integrations
• Lead all procedures and exercises
• Interface with auditor
Real-time communication + recurring syncs
Scaling companies that want to offload compliance and focus on other growth initiatives
Minimal resources required beyond point(s)-of-contact to confirm business details, hands on keyboard, implement instructed processes, and physically sign off on tasks
4-6 month upfront commitment, renewed monthly

READINESS TIMELINESx

Examples based on previous engagements

SCOPE OF WORK

DRATA Compliance Accelerator Program Statement of Work

Through a Drata trusted VCISO/MSSP partner, Drata offers a quickstart program to all their customers for implementing Information Security Programs that leverage Drata as the foundation and baseline for all infosec and compliance requirements.

What is NOT included

This service is intended to ensure that you are achieving tremendous value from the Drata platform early on in your journey. While your implementation team can support your organization beyond the 30 day Compliance Accelerator service, this service does not include support on the following: