HERE'S WHAT

Customers need to provide proof of actions that they took for each personnel that is off-boarded. Some of these actions are related to access removal, HR, and etc. With this feature, we allow automatic import of offboarding evidence from Jira or provide it manually for each employee.

BEFORE DIVING IN

Offboarding evidence can only be uploaded for former personnel
Linking tickets or automatic ticket collection as evidence for offboarding is only available with a Jira connection enabled.
When a former personnel is sampled in the audit, only linked tickets that are closed in Jira will get included in the evidence download. Drata determines closed by looking at the resolution date on the ticket.
For automated ticket matching using JQL, you need to have a project and type (issue type: i.e. story) specified
For automated ticket matching using JQL, we currently do not support custom fields (only Jira default fields are supported)
For linked Jira tickets, we use the resolution date to confirm the ticket has been closed. If there is no resolution date on the ticket, this will not be considered as passing evidence, even if the overall status of the ticket is Closed or Completed.
- NOTE: Team-managed projects in Jira do not expose a resolution date field on tickets. At this time we do not support team-managed projects. Company-managed projects do expose this field, so tickets from this project type and marked with this date will be considered as passing evidence.

HERE'S HOW

Personnel Compliance Updates

Offboarding evidence is now a compliance check for former personnel in Drata.

View and upload offboarding evidence:

In the personnel page, select the “detailed” view

A column for “offboarding evidence” has been added next to the “separation date” for personnel.

Manually upload offboarding evidence for a former personnel:

Click on the personnel you want to upload evidence for. Click on “View / Upload Evidence” for the Offboarding Evidence section.

Upload file(s) for that personnel.

Manually Link Jira Tickets for Offboarding Evidence

You can now link a Jira ticket as evidence in Drata for offboarding for a former personnel.

Click on the personnel you want to upload evidence for. Click on “View / Upload Evidence” for the Offboarding Evidence section.

Make sure the Ticket tab is selected

Paste the URL of the Jira ticket into the “Ticket URL” field and click on the “Link” icon

Multiple tickets can be linked to the same personnel. All linked tickets will be shown underneath the “Ticket URL” field

To unlink a Jira ticket from offboarding evidence for a personnel, click on the “unlink” button on that ticket.
Note: Only closed tickets will show up as evidence in the audit package

Automatic Evidence Collection with Jira

You can configure Drata to automatically search and identify offboarding Jira tickets that will be linked to their respective personnel in Drata.

Click on company settings and click on “Human Resources”

Scroll down to the “Automate Offboarding Evidence Collection” section. By default, the toggle will be off.

Turn the toggle on to configure the collection. Click on “Configure”

Enter the JQL from Jira that provides the list of all offboarding related tickets (past and ongoing).
- For automated ticket matching using JQL, you need to have a project and type (issue type: i.e. story) specified
- For automated ticket matching using JQL, we currently do not support custom fields (only Jira default fields are supported)
- For linked Jira tickets, we use the resolution date to confirm the ticket has been closed. If there is no resolution date on the ticket, this will not be considered as passing evidence.
- If you have multiple Jira connections, you will be prompted to select which connection you want to collect the evidence from – automatic collection is only supported in a single connection.
- Your JQL must have only one project and must have a ticket type specified, otherwise we cannot pull in the relevant fields to match the tickets correctly.

You will be prompted to select one or both personnel criteria to match tickets from that JQL search in the previous step. Selecting both means the ticket must contain the personnel’s name and the personnel’s email.

When you select a criteria, select which field in the jira ticket we should look for to find that information.
- For example, if you select “Personnel Full Name” and you select “Title” for that field, Drata will first run the JQL search to obtain all the offboarding tickets. It will then parse those tickets to find a match for a former personnel’s name in the title of those tickets. Any ticket(s) with a match will get linked in the offboarding evidence section of Drata’s personnel page.
  Note: If multiple former personnel with the same exact first name and last name are found, all the matched evidence will be linked for all.

Once you click “Next”, Drata will search through the Jira tickets using the JQL search and use the matching criteria to provide up to 5 examples of Jira tickets that would be linked to a former personnel record in Drata.

If you feel that Drata accurately matched the tickets in the examples, click “Finish”. If you are not satisfied, you can click “Back” to modify the matching criteria or the JQL in the previous steps and try to obtain a more accurate result. Once ready, Click “Close”

Within 24 hours, Jira tickets will get linked as evidence to former personnel. You can manually unlink any tickets by going to the personnel page, viewing the offboarding evidence, and clicking “Unlink '' on a ticket that Drata automatically linked.

Former Personnel Offboarding Test

We have added a new test that checks whether offboarding evidence is available for all former personnel. The test requirement can be met by providing offboarding evidence manually or automatically via Jira or by excluding personnel.

Note: The offboarding test is disabled for existing customers but can be turned on at any point.