Uploading Documents to DSALTA
Single Document Upload
To upload one document:
Navigate to Compliance > Documents
Click Upload Document or Add Document
Select the file from your computer
Add document details:
Document name (auto-populated from filename, can be edited)
Category/Type
Description
Tags (optional)
Map to controls or frameworks (optional but recommended)
Set access permissions if needed
Click Upload
The document is immediately available and searchable.
Bulk Upload
For multiple documents:
Click Bulk Upload or Upload Multiple
Select multiple files (Ctrl/Cmd + click or drag and drop)
Documents uploaded with default metadata
Edit individual documents to add details, categorization, and mappings
Bulk upload is efficient for initial compliance library setup or after receiving audit reports.
Supported File Types
DSALTA accepts:
Documents: PDF, DOC, DOCX, TXT, MD
Spreadsheets: XLS, XLSX, CSV
Images: PNG, JPG, JPEG, GIF
Presentations: PPT, PPTX
Diagrams: VSD, VSDX, PNG, JPG (for architecture diagrams)
Archives: ZIP (for document packages)
Maximum file size varies by plan (typically 50-100MB per file).
Document Categorization
Choose the appropriate category during upload:
Architecture & Design: Use for system diagrams, network topology maps, data flow diagrams
Reports & Assessments: Use for security assessments, penetration tests, vulnerability scans, audit reports
Procedures & Runbooks: Use for SOPs, incident response procedures, configuration guides
Contracts & Agreements: Use for vendor contracts, BAAs, DPAs, security agreements
Training & Awareness: Use for training materials, certificates, awareness campaign assets
Compliance & Legal: Use for previous audit reports, regulatory filings, legal opinions
Operational Records: Use for change logs, incident reports, access review records
Proper categorization makes documents discoverable during audits.
[Screenshot needed: Document category selection dropdown]
Linking Documents to Controls
The most important organizational step is mapping documents to the controls they support:
During Upload
In the upload dialog:
Scroll to the Linked Controls section
Click Add Control
Search for and select relevant controls
Repeat for multiple controls if the document supports several
After Upload
From the document detail page:
Navigate to Linked Controls tab
Click Link Control
Select controls from the list
Save the mapping
Example Mappings:
Penetration Test Report: Link to vulnerability management controls, secure development controls
Business Associate Agreement: Link to vendor management controls, data protection controls
Backup Verification Log: Link to backup and recovery controls, business continuity controls
Framework Association
Documents often support multiple frameworks simultaneously:
Automatically Inherited: When you link a document to a control, it automatically associates with all frameworks that the control supports
Manual Association: You can also directly associate documents with frameworks for framework-specific evidence that doesn't map to specific controls (e.g., organizational charts, general security documentation)
This dual mapping ensures documents appear in framework-specific evidence views.
Document Descriptions
Write clear descriptions explaining:
What: Brief summary of document contents
Why: What compliance purpose does it serve
โWhen: Date or period the document covers
Who: Who created it or who it's relevant to
Example: "Annual penetration test report conducted by XYZ Security in November 2024. Covers all production infrastructure and web applications. Includes findings, risk ratings, and remediation recommendations. Supports vulnerability management and secure development controls."
Good descriptions help teammates and auditors understand document relevance without opening every file.