In the New Drata Experience, custom fields support enterprise-scale compliance programs by enabling consistent data collection across objects such as risks, controls, vendors, and personnel.
Prerequisites
To create and manage custom fields, you must have an Administrator role.
Custom fields are available with the Advanced and Enterprise plans.
Create a custom field
You can create up to 500 custom fields, and up to 50 of those fields can include placements (where the field appears in the platform).
Each custom field counts toward the total limit, even if it is hidden or used in multiple placements.
Step 1: Open Custom Fields settings
From anywhere in Drata, select Settings from the main navigation.
Under Configuration, select Fields and formulas.
Select Create field near the top-right corner of the table.
Step 2: Enter field details
Configure the custom field
Name: Enter a unique field name.
Description: Enter an optional description.
Placement
Location: Where the field appears (for example, Risks or Controls)
Section: The section of the detail page where the field will display
Type: Select the input type.
Short answer (max 191 characters)
Dropdown (2–30 options)
Number (less than 1,000,000,000; negatives allowed)
Currency (max 999,999,999,999,999.99; negatives allowed)
Long answer (max 30,000 characters)
URL (must be valid format)
Make this required field:
Check to require this field when creating or editing objects.
Note: If you make a field required, users must enter a value when updating existing items.
Hide this field:
Check to hide the field from view without removing stored data.
Hidden fields can be restored at any time.
Step 3: Save your field
Select Save to create your custom field.
Note: After creation, you cannot change the field type (for example, Short answer → Number).
A success message confirms the field was created. You can also track this action in Event Tracking.
Example: Create a custom Risk Status field
You can create a dropdown field to track risk status across your program. Enter the following custom field configurations:
Name: Risk status
Type: Dropdown
Options:
Open
In progress
Closed
Required: Checked
Hidden: Not checked
Location: Risks
Section: Details
This field will appear on the Risk detail section, supporting consistent reporting and filtering across risk workflows.
Example: Create a custom Currency Risk field
You can also track currency-based risk impact.
Enter:
Name: Currency risks
Type: Currency
Currency type: USD
Required: Not checked
Location: Risks
Section: Assessment
Custom fields like this become part of the structured dataset available across risk reporting and galleries.
View or edit a custom field
To view or manage existing custom fields:
Go to Settings → Fields and formulas
Select a field from the list
You can:
Update dropdown options
Make the field optional or required
Hide or display the field
Update the section where it appears
Delete a custom field
Deleting a custom field permanently removes the field and its associated data.
Go to Settings → Fields and formulas
Select the field
Select Delete Field
Confirm deletion in the double confirmation modal
⚠️ This action cannot be undone.
Download custom field data
To download data for a custom field, the field must have at least one placement. These custom fields are included in downloadable CSV exports.
Example: Download Risk Status data
Go to Risk Management
Select Download
Choose a CSV export option
The exported file will include your custom field values.