The ability to link controls information and evidence across Workspaces is integral for those managing compliance across Workspaces. This feature allows for applicable users to link control content (such as info), evidence, and policies across workspaces for the same control, which saves copious amounts of time when managing and maintaining controls for multiple business units, product lines, and the like.
There are a few limitations:
Workspace Managers that have only 1 assigned Workspace cannot link a control to another Workspace
Workspace Managers cannot link or unlink Workspaces that they are not assigned to.
Miscellaneous Evidence is not included in workflow.
Prerequisites
Workspaces must be enabled.
You must have an Admin, Workspace Manager, Control Manager, or Information security lead role.
Workspace Managers have some restrictions in certain use cases.
Link control info and evidences across workspaces
As long as a control code exists in multiple workspaces, the control’s info section can be linked across workspaces, creating a linked group. Based on this linked group a user can also link policies and evidence from the Evidence Library across Workspaces with just a few clicks.
Additionally, the user can unlink a Workspace from the grouped controls, making the control its own instance once again.
Controls that have the same control code can be linked across workspaces.
For example, Drata Control DCF-1 in multiple workspaces.
For example, Custom Control ABC-10 in multiple workspaces.
Only the following sections of a control can be linked across Workspaces:
Control Info
Policies
Evidence from Evidence Library
When Evidence is shared across workspaces, that evidence can then be used indefinitely within those shared workspaces and acts very similar to Drata policies. This means that updates applied to a shared piece of evidence will apply to any linked control across the platform.
Link controls
Note: When linking evidence to a control, you can only link existing evidence already within Drata. You cannot add or create a new evidence during the linking process. Ensure the evidence you need has been added beforehand.
Go to the Controls page and select a control that exists in multiple workspaces.
A control drawer is displayed. Within the CONTROL INFO section, there is a field for Linked workspaces. Select Manage button.
Enter or remove workspaces and save.
Link a policy
Once you’ve created a control group within control info, you can link a policy to the control within those workspaces as well.
Go to the Controls page and select a control that exists in multiple workspaces.
A control drawer is displayed. Within the CONTROL EVIDENCE section, select Add for Link policies within Drata.
Select a policy and continue.
Select the desired workspaces and save. You can also remove or add workspaces here.
Link evidence from Evidence Library
Once you’ve created a control group within Control info, you can link a piece of evidence from the Evidence Library to the control within those workspaces as well. This workflow is similar to linking a policy.
Go to the Controls page and select a control that exists in multiple workspaces.
A control drawer is displayed. Within the CONTROL EVIDENCE section, select Add for Evidence Library.
Select the evidences and continue.
Select the desired workspaces and save. You can also remove or add workspaces here.
Update evidence that is linked across workspaces
Once you've linked evidence to a control across workspaces, you can update it either within the control or directly from the Evidence Library page. Any updates will automatically apply to all controls linked to that evidence.
Go to the Controls page and select a control that exists in multiple workspaces.
A control drawer is displayed. Within the CONTROL EVIDENCE section, expand Evidence Library.
Select the update icon (
) to update the evidence.
Note: Once evidence is linked to a control in any workspace, it can be mapped to any control within that workspace. Any updates to this evidence may impact the readiness of all mapped controls across the platform.