All Collections
Frameworks
Linking Evidence to Controls
Linking Evidence to Controls

In order to demonstrate proof of a control, you will link evidence to that control

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

HERE'S WHY


Drata allows you to link evidence directly to a control in order to build a repository for your audit. This eliminates the need for a separate storage place for those controls that do not have continuous monitoring tests in Drata.

BEFORE DIVING IN

Only account administrators and information security leads have access to this section within Drata.

HERE'S HOW

When you click on a specific control, a drawer will extend from the right side of the page. Learn more about the control drawer here.

At the bottom of the 'Control Details' drawer you will see 'Control Evidence'.

Your first option is to link a policy from the 'Policy Center' to a control. When you select 'Add', a modal will open including all of the policies you currently have in Drata.

To link a policy, use the tick box to the left of the policy and select 'Save'. If you want to create a new policy, you will see a prompt to do so in the upper right corner of the modal.

Note: Drata's templated policies have been automatically mapped to the applicable controls. You can unlink a pre-mapped (or any) policy at any time.

Another option is to add 'Miscellaneous evidence'. When you select 'Add', a modal will open with two tabs, providing the option to upload a file or enter a URL.

When uploading a file, you can include a name and description, but if you opt not to do so, the file name will be populated as the name of the evidence. You are required to enter a creation date and a renewal date – these dates are used to determine the readiness of a control.

The creation and approved file types include: pdf, docx, odt, xlsx, ods, pptx, odp, gif, jpeg, jpg, png, csv, zip, txt, json, markdown, and md. The file upload max size is 25MB.

Click 'Save File' when all information has been entered.

When adding a URL, you’re required to add a name, creation date, and renewal date. You can optionally enter a description. A .csv file with the URL(s) will be available when downloading external evidence.

Click 'Save URL' when all information has been entered.

To edit a file or URL, select the edit icon on the evidence you'd like to update. Make any changes you'd like to make and click the save button.

Did this answer your question?