HERE’S WHY
The ability to link controls information and evidence across Workspaces in integral for those managing compliance across Workspaces. This feature allows for applicable users to link control content (e.g. info), evidence, and policies across workspaces for the same control, which saves copious amounts of time when managing and maintaining controls for multiple business units, product lines, and the like.
BEFORE DIVING IN
You must have an Admin, Workspace Manager, Control Manager, and/or InfoSec Lead role
Workspace Managers have some restrictions in certain use cases
Workspaces must be enabled
Controls that have the same control code can be linked across workspaces
Ex. Drata Control DCF-1 in multiple workspaces
Ex. Custom Controm ABC-10 in multiple workspaces
Only the following sections of a control can be linked across Workspaces:
Control Info
Policies
Evidence from Evidence Library
When Evidence is shared across workspaces, that evidence can then be used indefinitely within those shared Workspaces and acts very similar to Drata policies. This means that updates applied to a ‘shared’ piece of evidence will apply to any linked control across the platform.
HERE’S HOW
As long as a control code exists in multiple workspaces, the control’s info section can be linked across workspaces, creating a linked group. Based on this linked group a user can also link policies and evidence from the Evidence Library across Workspaces with just a few clicks.
Additionally, the user can unlink a Workspace from the grouped controls, making the control its own instance once again.
Linking Control Info
In the example below, a user can easily link a control’s info across Workspaces, given that the control exists in multiple Workspaces. To unlink, you simply need to click Manage Workspaces after a control group has been created, and remove the desired Workspaces - making the control its own instance again.
Linking a Policy
Once you’ve created a control group within control info, you can link a policy to the control within those Workspaces as well. The example below shows how you can add a policy and link it, similar to how you linked control info. To unlink, you simply need to click the Unlink button for the linked policy and remove the desired workspaces. Doing this will unlink the policy from the control within that Workspace.
Linking Evidence from Evidence Library
Once you’ve created a control group within Control info, you can link a piece of evidence from the Evidence Library to the control within those workspaces as well. The example below shows how you can add a piece of evidence and link it, similar to how you linked control info. To unlink, simply click the Unlink button for the linked evidence and remove the desired Workspaces. Doing this will unlink the evidence from the control within that Workspace.
Updating Evidence from Evidence Library that is Linked Across Workspaces
After linking a piece of evidence to a control across Workspaces, you can update the evidence within the control or directly from the Evidence Library. Applying any kind of update will propagate to this piece of evidence across any control that is currently linked.
NOTE: Once a piece of evidence is linked to a control across Workspaces, that the evidence can now be mapped to any control within that Workspace. Any update made to this piece of evidence may affect the readiness of any mapped control across the platform.
Limitations
There are a few limitations to make note of listed below:
Workspace Managers that have only 1 assigned Workspace cannot link a control to another Workspace
Workspace Managers cannot link/unlink Workspaces that they are not assigned to
Miscellaneous Evidence is not included in workflow