Diri allows you to share structured content across organizations and users to promote collaboration, data reuse, and consistency. This article explains key use cases and how to share IT systems, risk assessments, and treatments effectively.
Organizations with multiple sub-organizations or customers often maintain a central list of IT systems. By sharing these systems with suborganizations: You avoid duplication of data entry. Systems can be referenced in risk assessments and data processing records by other teams. Updates made to the shared system are reflected for all who access it, ensuring a single source of truth.
Sharing is available for most lists in Diri, and you can share with either a sub-organization or a user. Click the checkbox to select on or more of the items you want to share:
In the above animation, the user selects three items from the list and shares them with a sub-organization. Members of this sub-organization will now be able to interact with these items according to which rights are set. E.g. by setting “Read” rights as in the animation, the users in the target org can use the IT-system in risk assessments and data processing records, but not edit the content, update, or delete.
Risk assessments can be complex and benefit from input across departments or external experts. Sharing a risk assessment allows:
Multiple stakeholders to contribute to identification, evaluation, and mitigation of risks.
Better alignment across teams when risks affect shared systems or data.
Controlled collaboration with clear roles and permissions.
Use this when:
Continuing on the animation below, the following illustrates what it looks like in the “Project organization” when something is shared with an org, and how to use the items in risk assessments:
In the above example, the items are shared directly with the organization with only read - rights.
Treatments (actions or controls implemented to reduce risk) can often be standardized and reused. Sharing treatments enables:
Consistent application of controls across the organization.
Easier onboarding for new teams or subunits.
Improved reporting by linking the same treatment across assessments.
This is ideal when:
Promoting reuse of security best practices.
Implementing standard GDPR or ISO27001 controls.
Managing a catalog of recurring or centralized tasks (e.g. MFA roll-out, backup routines).
Treatments are special in Diri since they can have multiple effects associated to them. In the following animation, we go from the sharing window of an admin user, where treatments are shared directly with a “User risk”. The animation switches to the view of User risk and updates his view to see the shared items. Then the shared treatments are applied in a risk assessment to show how that is done, and how to add multiple effects to a treatment.
Navigate to the IT Systems section.
Select the system you want to share.
Click the Share button.
Choose the organization(s) or user(s) to grant access.
Set permissions (e.g., view only, edit, manage).
Confirm to apply sharing.
🔒 Note: Shared IT systems can now be referenced in risk assessments and data processing activities by those granted access.
Open the Risk Assessments list.
Choose the assessment to share.
Click the Share option.
Add organ internal or external users and define roles.
Adding Diri-users under the “Who will participate in the assessment?"-option also shares the risk assessment with them.
Optionally, notify collaborators and track changes.
👥 Tip: Use comments and task assignments to coordinate input directly within the assessment.
Go to the Treatments section.
Select a treatment to share.
Click Share or choose Make Available to Other Orgs.
Choose which organizations can import or link the treatment.
Decide whether updates should propagate or be copied as-is.
🔁 Shared treatments can be reused across organizations for consistency in mitigating similar risks.
If you have questions or need help setting up sharing, contact support or your Diri account manager.