Skip to main content
All CollectionsWorkspaces
Linking Control Info & Evidence Across Workspaces
Linking Control Info & Evidence Across Workspaces

Link control info, evidence, and policies to the same control across Workspaces

Dana Mauger avatar
Written by Dana Mauger
Updated over a week ago

HERE’S WHY

The ability to link controls information and evidence across Workspaces in integral for those managing compliance across Workspaces. This feature allows for applicable users to link control content (e.g. info), evidence, and policies across workspaces for the same control, which saves copious amounts of time when managing and maintaining controls for multiple business units, product lines, and the like.

BEFORE DIVING IN

  • You must have an Admin, Workspace Manager, Control Manager, and/or InfoSec Lead role

    • Workspace Managers have some restrictions in certain use cases

  • Workspaces must be enabled

  • Controls that have the same control code can be linked across workspaces

    • Ex. Drata Control DCF-1 in multiple workspaces

    • Ex. Custom Controm ABC-10 in multiple workspaces

  • Only the following sections of a control can be linked across Workspaces:

    • Control Info

    • Policies

    • Evidence from Evidence Library

  • When Evidence is shared across workspaces, that evidence can then be used indefinitely within those shared Workspaces and acts very similar to Drata policies. This means that updates applied to a ‘shared’ piece of evidence will apply to any linked control across the platform.

HERE’S HOW

As long as a control code exists in multiple workspaces, the control’s info section can be linked across workspaces, creating a linked group. Based on this linked group a user can also link policies and evidence from the Evidence Library across Workspaces with just a few clicks.

Additionally, the user can unlink a Workspace from the grouped controls, making the control its own instance once again.

Linking Control Info

In the example below, a user can easily link a control’s info across Workspaces, given that the control exists in multiple Workspaces. To unlink, you simply need to click Manage Workspaces after a control group has been created, and remove the desired Workspaces - making the control its own instance again.

Linking a Policy

Once you’ve created a control group within control info, you can link a policy to the control within those Workspaces as well. The example below shows how you can add a policy and link it, similar to how you linked control info. To unlink, you simply need to click the Unlink button for the linked policy and remove the desired workspaces. Doing this will unlink the policy from the control within that Workspace.

Linking Evidence from Evidence Library

Once you’ve created a control group within Control info, you can link a piece of evidence from the Evidence Library to the control within those workspaces as well. The example below shows how you can add a piece of evidence and link it, similar to how you linked control info. To unlink, simply click the Unlink button for the linked evidence and remove the desired Workspaces. Doing this will unlink the evidence from the control within that Workspace.

Updating Evidence from Evidence Library that is Linked Across Workspaces

After linking a piece of evidence to a control across Workspaces, you can update the evidence within the control or directly from the Evidence Library. Applying any kind of update will propagate to this piece of evidence across any control that is currently linked.

NOTE: Once a piece of evidence is linked to a control across Workspaces, that the evidence can now be mapped to any control within that Workspace. Any update made to this piece of evidence may affect the readiness of any mapped control across the platform.

Limitations

There are a few limitations to make note of listed below:

  • Workspace Managers that have only 1 assigned Workspace cannot link a control to another Workspace

  • Workspace Managers cannot link/unlink Workspaces that they are not assigned to

  • Miscellaneous Evidence is not included in workflow

Did this answer your question?