The Evidence page helps you collect and organise the artifacts that prove your controls are operating effectively.
Evidence types
| Type | Examples |
|---|---|
| Document | Policies, procedures, process documentation |
| Screenshot | Configuration screenshots, dashboard captures |
| Config | Firewall rules, GPO exports, Intune policies |
| Report | Vulnerability scan reports, audit reports |
| Certificate | Existing certifications, vendor compliance certificates |
Evidence status
- Current — Up to date and valid
- Stale — Needs refreshing (e.g., screenshot older than review period)
- Missing — Required but not yet collected
- Archived — Historical, no longer the current version
Each evidence item can be linked to a specific control, making it easy to demonstrate coverage during an assessment.