Drata gives you the flexibility to create your own controls and map them to requirements and evidence. This allows you to have greater management of your compliance programs within Drata.
BEFORE DIVING IN
Only account administrators or information security lead have access to this functionality within Drata.
HERE'S HOW
Click on the 'Create New Control' button at top of the Controls page.
Note: The 'Controls' page on the left navigation will only be present for tenants with access to more than one framework.
The 'Create New Control' drawer will slide open. Fill out the 'Control Info'. The following fields are required:
Name
Code -- this field supports letters, numbers, and symbols
Description
You can optionally enter a Control Question and Control Activities.
Next, map the control to one or more framework requirements.
Select the requirements. Please note that controls must be mapped to at least one requirement.
Finally, you can optionally add evidence for a control by linking policies and reports within Drata, or uploading external files. You can always link (or unlink) this evidence after the control is created. Learn more about linking evidence to controls here.
Select 'Save' to create your control.