Compliance automation has traditionally hinged on pre-built integrations for cloud services. But what happens when you're running critical systems on premises, using homegrown tools or adopting new platforms that aren't natively supported yet? Manual evidence collection, fragmented audits, and coverage gaps become inevitable.
Enter Custom Connections and Tests (CCT) from Drata. This capability empowers you to bring any data—from any source—into Drata's compliance platform. Whether it's a proprietary app, a legacy system, or a niche SaaS tool, you can now push structured data into Drata and run fully automated, custom compliance tests.
What is CCT and Who is it For?
CCT is designed for professionals managing compliance who collaborate with technical teams or service partners to ensure full automation coverage. The test-building process is designed to be straightforward, effective, and flexible.
Ideal users include:
Practitioners in mid-market to enterprise organizations.
Teams managing complex or hybrid environments.
Companies facing rapid changes from mergers and acquisitions, new business lines, or evolving tech stacks.
CCT is a no-cost upgrade included with Drata's Advanced and Enterprise plans delivering greater value and flexibility with no usage limits.
The CCT Workflow: Step-by-Step
Create a Custom Connection: Define your data structure by providing a JSON sample or manually building a schema. This tells Drata how to interpret the evidence you'll send. You can create this in just a few clicks from the "Connections" panel.
Submit Evidence to Confirm Connection: Ensure your schema is working by submitting your first dataset.
Get Data and Push It to Drata: Use automation platforms (like Make.com, Tines, Zapier) or your own scripts to GET data from your source system. Then POST your JSON data into Drata. You can control the schedule and cadence based on your business needs.
Build a Custom Test: With the Test Builder, you can apply logic to your custom data. For instance, you can check if MFA is enabled, if SSL certs are valid, or any condition your control framework requires. Advanced users can access Drata’s JSON editor for complex nested logic.
Verify Results and Map Controls: Once your test is running, results will surface in the Monitoring tab. From here, you can review events, manage exceptions, and map tests to compliance controls like SOC 2, ISO 27001, or GDPR.
Real-World Use Cases
Vulnerability Scanning: Check that a vulnerability scan has run within the past 7 days
Log Retention Validation: Confirm log retention policies meet a one-year minimum
Security Training Monitoring: Verify employees have completed required security training
Customer Data Retention: Ensure customer data retention and deletion policies are being followed
Backup Validation: Confirm recent backup execution and retention timelines
Coming Soon
Drata continues to evolve CCT with powerful features on the horizon to make it even easier to connect, automate, and scale:
Webhook for Event-Driven Triggers: Automatically initiate actions on third-party platforms based on events in Drata.
Expanded API Endpoints: More flexibility and use cases through a broader set of API capabilities.
CSV Bulk Import Enhancements: Simplify and speed up onboarding of large datasets.
These roadmap items reinforce Drata’s commitment to flexibility and scale—ensuring that CCT remains a long-term solution for comprehensive automation, even in the most complex environments.
Future-Proof Your Compliance Automation
Business and technology never stand still—and neither should your compliance program. With Custom Connections and Tests, Drata offers a scalable, future-ready solution that adapts to your evolving stack. Unlimited usage in Advanced and Enterprise packages ensures you're always equipped to automate new systems as they arise.
No matter how unique your environment, Drata helps you maintain continuous monitoring without compromise.
Want to see it in action? Check out our Help Article, Brief Overview Demo, and In-Depth Automation Setup Demo to get started.
