Create a new vendor's security review
Created
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "title": "Security review title",
- "reviewDeadlineAt": "2025-07-01T16:45:55.246Z",
- "requestedAt": "2025-07-01T16:45:55.246Z",
- "securityReviewStatus": "NOT_YET_STARTED",
- "securityReviewType": "SECURITY",
- "requesterUserId": 1
}{- "id": 1,
- "requestedAt": "2019-08-24T14:15:22Z",
- "reviewDeadlineAt": "2019-08-24T14:15:22Z",
- "decision": "APPROVED",
- "note": "string",
- "status": "NOT_YET_STARTED",
- "type": "SECURITY",
- "user": {
- "id": 1,
- "entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
- "firstName": "Sally",
- "lastName": "Smith",
- "jobTitle": "CEO",
- "drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "roles": [
- "ROLE",
- "ANOTHER_ROLE"
], - "backgroundChecks": [
- {
- "id": 1,
- "userId": 1,
- "status": "OK",
- "caseId": "abc123",
- "caseInvitationId": "abc123",
- "manualCheckDate": "2020-07-06",
- "manuallyCheckUrl": "url.com",
- "type": "CERTN",
- "source": "DRATA",
- "reportData": "string",
- "user": { },
- "outOfScopeReason": "abc123",
- "outOfScopeAt": "2025-07-01T16:45:55.246Z",
- "linkedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "identities": [
- {
- "id": 1,
- "identityId": "1a2b3c",
- "username": "Username",
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "disconnectedAt": "2025-07-01T16:45:55.246Z",
- "hasMfa": true,
- "user": { },
- "connection": {
- "id": "1",
- "clientType": "GOOGLE",
- "state": "ACTIVE",
- "connected": false,
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "failedAt": "2025-07-01T16:45:55.246Z",
- "companyId": "12341234",
- "assignmentId": "FLk12AsS",
- "user": { },
- "accountId": "string",
- "clientId": "abc123",
- "clientAlias": "My-connection-alias-1",
- "manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
- "aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
- "deletedAt": "2025-07-01T16:45:55.246Z",
- "requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
- "product": { },
- "writeAccessEnabled": false,
- "sourcePreference": "LABEL",
- "securityLabel": "Jira Security Label",
- "jqlQuery": "project = IT AND type = \"Offboarding\"",
- "authorized": true,
- "workspaces": [
- {
- "id": 1,
- "name": "Drata",
- "description": "Platform to track SOC 2 compliance within the organization",
- "howItWorks": null,
- "primary": true
}
], - "providerTypes": [
- 5
], - "code": 10010,
- "groupLabel": "Everyone"
}, - "hasIdp": true,
- "firstName": "John",
- "lastName": "Doe",
- "startedAt": "2025-07-01T16:45:55.246Z",
- "separatedAt": "2025-07-01T16:45:55.246Z",
- "isContractor": true,
- "jobTitle": "Engineer",
- "managerId": "x00jk12-2312",
- "managerName": "string"
}
], - "documents": [
- {
- "data": [
- {
- "id": 1,
- "name": "Security Training",
- "type": "SEC_TRAINING",
- "renewalDate": "2026-10-27",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "page": 1,
- "limit": 10,
- "total": 100
}
]
}, - "vendor": {
- "id": 1,
- "name": "Acme",
- "category": "ENGINEERING",
- "risk": "MODERATE",
- "type": "CONTRACTOR",
- "critical": false,
- "location": "USA",
- "trustCenterProvider": "DRATA",
- "servicesProvided": "Perform security scans once a month",
- "dataStored": "Resulting reports of security scans",
- "hasPii": true,
- "passwordPolicy": "USERNAME_PASSWORD",
- "passwordRequiresMinLength": true,
- "passwordMinLength": 8,
- "passwordRequiresNumber": true,
- "passwordRequiresSymbol": true,
- "passwordMfaEnabled": true,
- "contactAtVendor": "John Doe",
- "notes": "Meeting once a month to adjust contract",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "user": {
- "id": 1,
- "entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
- "firstName": "Sally",
- "lastName": "Smith",
- "jobTitle": "CEO",
- "drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "roles": [
- "ROLE",
- "ANOTHER_ROLE"
], - "backgroundChecks": [
- {
- "id": 1,
- "userId": 1,
- "status": "OK",
- "caseId": "abc123",
- "caseInvitationId": "abc123",
- "manualCheckDate": "2020-07-06",
- "manuallyCheckUrl": "url.com",
- "type": "CERTN",
- "source": "DRATA",
- "reportData": "string",
- "user": { },
- "outOfScopeReason": "abc123",
- "outOfScopeAt": "2025-07-01T16:45:55.246Z",
- "linkedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "identities": [
- {
- "id": 1,
- "identityId": "1a2b3c",
- "username": "Username",
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "disconnectedAt": "2025-07-01T16:45:55.246Z",
- "hasMfa": true,
- "user": { },
- "connection": {
- "id": "1",
- "clientType": "GOOGLE",
- "state": "ACTIVE",
- "connected": false,
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "failedAt": "2025-07-01T16:45:55.246Z",
- "companyId": "12341234",
- "assignmentId": "FLk12AsS",
- "user": { },
- "accountId": "string",
- "clientId": "abc123",
- "clientAlias": "My-connection-alias-1",
- "manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
- "aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
- "deletedAt": "2025-07-01T16:45:55.246Z",
- "requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
- "product": { },
- "writeAccessEnabled": false,
- "sourcePreference": "LABEL",
- "securityLabel": "Jira Security Label",
- "jqlQuery": "project = IT AND type = \"Offboarding\"",
- "authorized": true,
- "workspaces": [
- {
- "id": 1,
- "name": "Drata",
- "description": "Platform to track SOC 2 compliance within the organization",
- "howItWorks": null,
- "primary": true
}
], - "providerTypes": [
- 5
], - "code": 10010,
- "groupLabel": "Everyone"
}, - "hasIdp": true,
- "firstName": "John",
- "lastName": "Doe",
- "startedAt": "2025-07-01T16:45:55.246Z",
- "separatedAt": "2025-07-01T16:45:55.246Z",
- "isContractor": true,
- "jobTitle": "Engineer",
- "managerId": "x00jk12-2312",
- "managerName": "string"
}
], - "documents": [
- {
- "data": [
- {
- "id": 1,
- "name": "Security Training",
- "type": "SEC_TRAINING",
- "renewalDate": "2026-10-27",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "page": 1,
- "limit": 10,
- "total": 100
}
]
}, - "documents": [
- {
- "id": 1,
- "name": "AWS SOC 2 2018",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "lastQuestionnaire": {
- "vendorId": 0,
- "sendAt": "string",
- "sentEmail": "string",
- "file": "string",
- "respondedAt": "string",
- "responseId": 0,
- "isManualUpload": true,
- "completedBy": "string"
}, - "isSubProcessor": false,
- "isSubProcessorActive": false,
- "archivedAt": "2025-07-01T16:45:55.246Z",
- "status": "ACTIVE",
- "renewalDate": "2020-07-06",
- "renewalScheduleType": "ONE_YEAR",
- "renewalDateStatus": "COMPLETED",
- "confirmedAt": "2025-07-01T16:45:55.246Z",
- "reviews": [
- {
- "id": 1,
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "reviewer": "John Doe",
- "reviewDate": "2025-07-01T16:45:55.246Z",
- "reportIssueDate": "2025-07-01T16:45:55.246Z",
- "socReport": "SOC_1",
- "socReportType1": true,
- "socReportType2": true,
- "socType1StartDate": "2025-07-01T16:45:55.246Z",
- "socType1EndDate": "2025-07-01T16:45:55.246Z",
- "socType2StartDate": "2025-07-01T16:45:55.246Z",
- "socType2EndDate": "2025-07-01T16:45:55.246Z",
- "reportOpinion": "UNQUALIFIED",
- "encompassBusinessNeeds": true,
- "followUpActivity": "User must proceed to...",
- "hasMaterialImpact": true,
- "cpaFirm": "CPA firm name",
- "cpaProcedurePerformed": "The following procedures were performed...",
- "subserviceOrganization": "Subservice Inc.",
- "subserviceOrganizationUsingInclusiveMethod": true,
- "subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
- "trustServiceCategories": [
- {
- "id": 1,
- "category": "AVAILABILITY"
}
], - "userControls": [
- {
- "id": 1,
- "name": "End User Control 1",
- "inPlace": true
}
], - "services": [
- {
- "id": 1,
- "name": "Service 1"
}
], - "locations": [
- {
- "id": 1,
- "city": "San Diego",
- "stateCountry": "CA"
}
], - "findings": [
- {
- "id": 1,
- "description": "Finding 1"
}
]
}
], - "sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
- "isDrataUser": false,
- "events": 4,
- "integrations": [
- {
- "id": 1,
- "name": "Acme"
}
], - "cost": "1088",
- "operationalImpact": "CRITICAL",
- "environmentAccess": "READ_ONLY",
- "impactLevel": "INSIGNIFICANT",
- "dataAccessedOrProcessedList": [
- "string"
], - "latestSecurityReviews": [
- { }
], - "riskCount": 0,
- "vendorRelationshipContact": {
- "id": 1,
- "firstName": "Adam",
- "lastName": "Attack",
- "createdAt": "2025-01-08T21:18:10.846Z",
- "updatedAt": "2025-01-10T23:46:09.000Z"
}
}, - "requesterUser": {
- "id": 1,
- "entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
- "firstName": "Sally",
- "lastName": "Smith",
- "jobTitle": "CEO",
- "drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "roles": [
- "ROLE",
- "ANOTHER_ROLE"
], - "backgroundChecks": [
- {
- "id": 1,
- "userId": 1,
- "status": "OK",
- "caseId": "abc123",
- "caseInvitationId": "abc123",
- "manualCheckDate": "2020-07-06",
- "manuallyCheckUrl": "url.com",
- "type": "CERTN",
- "source": "DRATA",
- "reportData": "string",
- "user": { },
- "outOfScopeReason": "abc123",
- "outOfScopeAt": "2025-07-01T16:45:55.246Z",
- "linkedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "identities": [
- {
- "id": 1,
- "identityId": "1a2b3c",
- "username": "Username",
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "disconnectedAt": "2025-07-01T16:45:55.246Z",
- "hasMfa": true,
- "user": { },
- "connection": {
- "id": "1",
- "clientType": "GOOGLE",
- "state": "ACTIVE",
- "connected": false,
- "connectedAt": "2025-07-01T16:45:55.246Z",
- "failedAt": "2025-07-01T16:45:55.246Z",
- "companyId": "12341234",
- "assignmentId": "FLk12AsS",
- "user": { },
- "accountId": "string",
- "clientId": "abc123",
- "clientAlias": "My-connection-alias-1",
- "manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
- "aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
- "deletedAt": "2025-07-01T16:45:55.246Z",
- "requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
- "product": { },
- "writeAccessEnabled": false,
- "sourcePreference": "LABEL",
- "securityLabel": "Jira Security Label",
- "jqlQuery": "project = IT AND type = \"Offboarding\"",
- "authorized": true,
- "workspaces": [
- {
- "id": 1,
- "name": "Drata",
- "description": "Platform to track SOC 2 compliance within the organization",
- "howItWorks": null,
- "primary": true
}
], - "providerTypes": [
- 5
], - "code": 10010,
- "groupLabel": "Everyone"
}, - "hasIdp": true,
- "firstName": "John",
- "lastName": "Doe",
- "startedAt": "2025-07-01T16:45:55.246Z",
- "separatedAt": "2025-07-01T16:45:55.246Z",
- "isContractor": true,
- "jobTitle": "Engineer",
- "managerId": "x00jk12-2312",
- "managerName": "string"
}
], - "documents": [
- {
- "data": [
- {
- "id": 1,
- "name": "Security Training",
- "type": "SEC_TRAINING",
- "renewalDate": "2026-10-27",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "page": 1,
- "limit": 10,
- "total": 100
}
]
}
}
