Overview
SafeBase's Drata integration gives customers a seamless way to sync security policies, monitored controls, and company metadata into SafeBase. With this integration, customers can directly sync content housed within the Drata platform to SafeBase's Trust Center Document Library (DL) and enhance AI-powered Questionnaire Assistance (AIQA) by sourcing accurate, verified data directly from the Drata platform.
The integration syncs data on a daily schedule, running overnight during US hours. After the daily sync, users must manually link documents to Trust Center items for visibility, and optionally upload other documents.
Getting Started
Please submit a ticket or reach out via Live Chat or Email to start the process.
The SafeBase team requires two items from your Drata tenant's Settings. Both of these are found in the Drata app, in Settings > Company Info.
Account ID
A 36-character UUID
Data Residency Location (commonly referred to as Region)
One of three possible values: United States, Europe, or Asia Pacific
Where to find your Account ID and Region? (Expand ⤵️)
Where to find your Account ID and Region? (Expand ⤵️)
Found in the Drata app > Settings > Company Info
Configuration
Once the SafeBase team has confirmed that the integration has been enabled, a SafeBase user with the Admin role can navigate to the Settings > Integrations section of the Trust Center, and click Connect.
Options
Once connected, admins will be presented with three options:
Policy sync - Automatically bring published policies from Drata into SafeBase. These policies are stored as documents in the Trust Library and can also be used in the Trust Center to simplify security reviews.
Syncs from Active Published Policies in Drata's Policy Center.
AIQA Control Sync - Syncs ready controls from Drata, making AIQA smarter and more accurate. AIQA will reference these controls when answering security questionnaires and cite Drata as a source, ensuring responses are verifiable and aligned with real-time security data.
Syncs from In-scope Ready Controls Drata's Controls section, from the primary workspace only
AIQA Company Metadata Sync - Pulls in company metadata from Drata, enabling more contextually aware and precise answers. By using Drata as a data source, SafeBase ensures security teams provide consistent, audit-ready information at scale.
Syncs from Drata's Settings > Company Info
Note: If you would like to change the above options at a later date, simply click the ⚙️ icon located next the the integration.
If connecting the integration fails for any reason, you may continue the same chat or email with our Support team.
Post-Configuration Manual Actions
After syncing data from Drata to SafeBase’s Documents section, the following steps are recommended to fully configure your Trust Center:
Navigate to the Documents section to review the data.
Manually link synced documents to relevant Trust Center items. This action is essential since the integration does not automatically create document links.
Ensure that all uploaded and linked documents are appropriately named and categorized for ease of use and maximum transparency.
If there are further documents outside of published Drata policies that you wish to publish in your Trust Center or use as sources for AIQA, such as SOC 2 reports or W-9 forms, you must manually upload these through the Documents section of SafeBase.
Limited Private Beta - Drata Evidence Library Sync
Customers who have been selected for this beta feature can sync certain artifacts from their Drata Evidence Library into SafeBase's Documents section. There are some key limitations within the current beta:
Only evidence in the primary Drata workspace will be synced
Your Drata tenant must be hosted in the North America (NA) region
The Drata Evidence Library artifact must have a
filesource. Further, the raw file format must be supported by SafeBase. The supported formats are the same as for manually upload documents:Accepted file types in SafeBase:
avif,csv,doc,docx,gif,jpeg,jpg,json,pdf,png,svg,tiff,txt,webp,xls,xlsb,xlsm,xlsx,zipMax size per file: 75 MB
Drata personnel will apply certain settings on your Drata tenant and SafeBase organization to enable the sync. You must also ensure the Drata integration in SafeBase's Settings area is connected (it is OK if the three individual toggle are off).
Once these settings are in place, you will see a new column called "SafeBase Trust Library Status" in Drata's Evidence Library table view.
You will also see a new tab called "SafeBase Trust Library" within the view of a single artifact.
Bulk Sync
In the main table view of Evidence Library, use the Filters button at the upper left and choose Source -> File. Apply other filters as needed. Use the checkboxes in the left column to select at least one artifact. Now, a "Sync to Trust Library" button will appear above the table. Click this button.
In the modal, choose to mark selected pieces of evidence to be Synced or Not Synced. Selecting Synced will display the toast message that the sync is in progress.
Note: We recommend using the filter above to only sync artifacts with files that are supported in SafeBase. If other unsupported artifacts are chosen to be synced, you will still be able to proceed to the modal and will still see the success toast message.
The table will update the "SafeBase Trust Library Status" to "In progress" for all pieces of evidence that are being synced.
Any pieces of evidence that are not eligible to be synced will remain as - for the
SafeBase Trust Library Status.
Once the syncing is complete, refresh the page to see that that the "SafeBase Trust Library Status" field now shows "Synced."
Individual Sync
Within the view of a single artifact, you will see a new field labeled "SafeBase Trust Library Status" as well as a new tab labeled "SafeBase Trust Library."
Click into the "SafeBase Trust Library" tab. You will see the current sync status of this artifact. Click the Edit button to turn the sync on or off.
Check the box to sync the current artifact, or uncheck it to turn off the sync. Then click Save.
Sync When Adding Evidence
On the main Drata Evidence Library screen, click the Add Evidence button at the upper right. In the Artifact -> Source dropdown, choose "File." Then attach a file of one of the supported formats. You will now see a "Sync this evidence's current artifact to SafeBase Trust Library" checkbox at the bottom of the "Artifact" section of the drawer. Check that box to sync this artifact.
