Linking entities to your workspaces
This article explains how to link entities and entity groups to your Policy, Risk, and Compliance workspaces. There are two ways to link — directly to an individual entity, or to an entity group.
Read [Understanding entities, entity groups, and entity classes] first if you haven't already.
Linking an individual entity
Use this when a risk, control, or policy applies to a single entity rather than a collection of entities.
For the Risk and Compliance workspaces, link to a role entity rather than a user entity. Both workspaces are role-based — if you link to a specific person and they leave, the risk or control loses its owner. Linking to a role means ownership always transfers automatically to whoever currently holds that role.
Risk workspace
When setting up your master risk, go to Step 2 - Entities/Entity Groups, open the Entities tab, and click Link.
Creates one risk instance for that entity with its own owner, likelihood, and evidence trail
Link to a role entity — e.g. "Head of IT" — not the individual in that position
Compliance workspace
When setting up your master control, go to Step 2 - Entities/Entity Groups, open the Entities tab, and click Link.
Creates one control instance for that entity with its own owner, evidence, and attestation record
Link to a role entity — e.g. "Compliance Manager" — not the individual in that position
Part 2 — Linking an entity group
Use this when the same risk, control, or policy applies to multiple entities. Good scenarios include:
All staff need to sign the employee handbook — link the "All Staff" group to the policy attestation task
All company laptops are subject to the same security control — link the "All Laptops" group to the control
All departments face the same operational risk — link the "All Departments" group to the risk
All suppliers must comply with your supplier code of conduct — link the "All Suppliers" group to the policy
Every entity in the group is covered, and any entity added to the group later automatically inherits everything already linked — no manual work needed.
Policy workspace
In the Attestation section of your policy, open the Add Attesters modal and use the Add Group field to search for a group. Every entity in the group receives an attestation task when the policy reaches Attestation state. You will also set Days to Complete, First Attestation date, Frequency, Agreement text, and Task Description.
Risk workspace
When setting up your master risk, go to Step 2 - Entities/Entity Groups, open the Entity Groups tab, and click Link. You will see a checkbox column called Create one Risk for the group.
Checked — one risk instance created for the whole group, owned by the group owner. Use when one person is accountable for everyone and a single assessment is sufficient.
Unchecked — one risk instance created per entity, each with its own owner and assessment. Use when exposure levels or accountability differ across entities — for example, the Finance department and the IT department may face the same risk but at very different levels.
Compliance workspace
When setting up your master control, go to Step 2 - Entities/Entity Groups, open the Entity Groups tab, and click Link. The same checkbox applies.
Checked — one control instance for the whole group. Use when one team manages the control on behalf of everyone.
Unchecked — one control instance per entity, each assessed independently. Use when you need separate evidence or sign-off per entity — for example, confirming each department has completed its own access review.
Quick reference
| Individual entity | Entity group |
Best for | One specific thing or role | Multiple entities sharing the same rule |
New members inherit automatically | No | Yes |
Policy workspace | Add Individuals in Add Attesters | Add Group in Add Attesters |
Risk workspace | Entities tab in Step 2 — link to a role entity | Entity Groups tab in Step 2 |
Compliance workspace | Entities tab in Step 2 — link to a role entity | Entity Groups tab in Step 2 |