To maintain SOC2 compliance, everyone with a BRM email address needs to have the Drata agent installed on their laptop. You’ll receive an invite through your BRM email to sign up for Drata and install the agent.

The Drata agent is lightweight, read-only, and designed to confirm that minimum security settings are enabled on your computer. Here’s some key information about it:

• Read-Only: The Drata agent doesn’t modify anything on your computer; it simply checks that essential security settings are in place.
• Limited Data Sharing: Only a few security-relevant settings and a list of installed apps (to confirm a password manager) are shared. This data is accessible solely to Fabian, our CTO.
• More Details: Here’s an overview of how the Drata agent functions.

The Drata agent will verify that:

• A password manager is installed (e.g., 1Password).
• Auto-updates are enabled for software.
• Antivirus software is installed (macOS includes this by default).
• Your hard drive is encrypted (this setting is easy to enable and significantly improves security).

Overall, the Drata agent is unobtrusive, but it plays a critical role in ensuring our compliance with SOC2. Thank you for helping keep our systems secure!