Drata gives you the flexibility to create your own controls and map them to requirements and evidence. This allows you to have greater management of your compliance programs within Drata.
Prerequisite
Only account administrators or information security lead have access to this functionality within Drata.
Create a new control
Navigate to the Controls page.
Note: The 'Controls' page on the left navigation will only be present for tenants with access to more than one framework.
Select the Create New Control button at top of the page.
The 'Create New Control' drawer will slide open. You must enter the required fields for the control info: Name, Code (this field supports letters, numbers, and symbols), and Description. You can enter additional fields if desired.
Next, map the control to one or more framework requirements.
Select the requirements. Controls must be mapped to at least one requirement.
Finally, you can optionally add evidence for a control by linking policies and reports within Drata, or uploading external files.
You can always link (or unlink) this evidence after the control is created. Learn more about linking evidence to controls here.
Select 'Save' to create your control.