Automate Actions with Drata’s Workflows

Automate tasks, notifications, and webhooks in Drata with workflows triggered by control, evidence, risk or personnel events.

Updated this week

API Developer Resource 💡
For API documentation and resources to extend workflow automation, visit the Drata Developer page.

Overview of Workflows

Workflows in Drata allow Admins and Workspace Managers to automate routine compliance operations triggered by specific events. Instead of relying on manual follow-ups, you can define the steps, such as creating tasks, sending notifications, or triggering webhooks, that run automatically when a condition is met.

Workflows Lifecycle Overview

Workflows help automate compliance processes from trigger to resolution. Each workflow has three core components:

| Component | Purpose | What You Do |
| --- | --- | --- |
| Start | Define the workflow scope | Choose which controls, risks, evidence or personnel it applies to |
| Trigger | Define when it should run | Select the event that initiates the workflow |
| Steps | Define what should happen | Add and configure task, notification, or webhook |

Note: Steps in a workflow run in parallel. If one step fails, the others still run. Drata automatically retries failed steps up to three times.

Prerequisites

Before creating a workflow, ensure that:

  • You have the Admin or Workspace Manager role.

  • You can access Settings > Workflows.

Before you configure your workflow:

  • Know which controls, risks, evidence, or personnel the workflow should apply to.

  • Know which event(s) you want to monitor (for example, evidence linked, treatment option changed, personnel status changed, or artifact uploaded).

You may also need to:

  • Identify the Slack channel or Teams group you want to notify.

  • Prepare any webhook URLs needed to send data from Drata to external applications.

Create a New Workflow

Workflows in Drata let you automate actions such as creating tasks, sending notifications, or triggering webhooks when specific events occur. You can build workflows based on events related to controls, risks, evidence or personnel.

To start, you name the workflow and choose the type of object that will trigger it.

  1. Go to Settings > Workflows.

  2. Select Create Workflow.

  3. In the setup modal:

    • Enter a name for the workflow

    • Choose a target object type: Control, Risk, Evidence or Personnel

    • If you select Control or Evidence, also choose the workspace this workflow will run in

After completing this step, you’ll be redirected to a page where you can complete the rest of your workflow. The following sections describe the trigger and action options available for each object.

Trigger events and actions

The table provides high-level descriptions of available triggers and actions. Each workflow allows one start and trigger, but you can add multiple actions. To learn more about each workflow type, refer to the help articles linked in the table.

Objects

Description of Triggers

Control

  • Control details update

  • Control readiness changes:

    • Readiness changes to Not ready

    • Readiness changes to Ready

  • Linked item changes:

    • Evidence linked or unlinked

    • Policy linked or unlinked

  • Mapped item changes:

    • Test mapped or unmapped

    • Mapped test passes or fails

    • Requirement mapped or unmapped

  • Control owner updated

  • Control marked in-scope or out-of-scope

Risk

Learn how to set up risk workflows.

  • Inherent or residual score changed

    • You configure the score condition that should trigger the workflow.

  • Treatment option changed

    • You choose which treatment option change activates the workflow.

Evidence

  • Upcoming renewal

    • You configure how many days before the renewal date the workflow should trigger.

  • Renewal past due

    • You configure how many days past the renewal date will trigger the workflow.

  • New artifact uploaded

  • Evidence linked or unlinked from a control

Personnel

  • Out of compliance

    • You choose the new compliance categories and the number of days out of compliance that will activate the workflow.

  • Status changed

    • You select the new status change that should trigger the workflow.

Available Actions

  • Create task

    • Only available for Controls and Risks

  • Send email

  • Send Slack message

  • Send Microsoft Teams message

    • Note: Microsoft Teams direct messages are not supported.

  • Send webhook

    • Note: Drata uses Svix to send our webhooks.
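
Because webhook steps are delivered through Svix, the receiving service can authenticate each request before acting on it. The following is an added example, not Drata's or Svix's own code: it follows Svix's documented v1 signing scheme (the svix-id, svix-timestamp and svix-signature headers) and assumes the endpoint's signing secret, in whsec_ form, is available to the receiver. Function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 5 * 60  # reject messages whose timestamp is too far from now


def compute_signature(secret: str, msg_id: str, timestamp: str, body: bytes) -> str:
    """Svix v1 signature: base64(HMAC-SHA256(key, "{id}.{timestamp}.{body}"))."""
    # The HMAC key is the base64-decoded part of the secret after "whsec_".
    key = base64.b64decode(secret.removeprefix("whsec_"))
    signed = f"{msg_id}.{timestamp}.".encode() + body
    return base64.b64encode(hmac.new(key, signed, hashlib.sha256).digest()).decode()


def verify_webhook(secret: str, headers: dict, body: bytes, now=None) -> bool:
    """True only if the raw request body carries a valid, fresh signature."""
    # Assumption: `headers` has lower-cased keys (normalise them in your framework).
    msg_id = headers.get("svix-id")
    timestamp = headers.get("svix-timestamp")
    sig_header = headers.get("svix-signature")
    if not (msg_id and timestamp and sig_header):
        return False
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    now = time.time() if now is None else now
    if abs(now - sent_at) > TOLERANCE_SECONDS:
        return False  # stale or future-dated delivery: possible replay
    expected = compute_signature(secret, msg_id, timestamp, body).encode()
    # The header holds space-separated "version,signature" entries.
    for entry in sig_header.split():
        version, _, candidate = entry.partition(",")
        if version == "v1" and hmac.compare_digest(candidate.encode(), expected):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: secret, message id and payload are made up.
    secret = "whsec_" + base64.b64encode(b"constructed-demo-key").decode()
    body = b'{"event":"constructed.sample"}'
    ts = str(int(time.time()))
    hdrs = {"svix-id": "msg_constructed_1", "svix-timestamp": ts,
            "svix-signature": "v1," + compute_signature(secret, "msg_constructed_1", ts, body)}
    print(verify_webhook(secret, hdrs, body))         # genuine delivery
    print(verify_webhook(secret, hdrs, body + b" "))  # body altered in transit
```

Verify against the raw request bytes, before any JSON parsing or re-serialisation, since a re-encoded body will not match the signature.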

Review and Publish

You can publish your workflow to activate it, or save it as a draft to complete later. To create a similar workflow in the future, you can duplicate an existing workflow and reuse its configuration.
