Control Evidence lets you prove a control is in place once, and have that single piece of evidence mark the control Compliant across every framework it maps to. Instead of attaching the same artifact to ISO 27001, SOC 2, NIST CSF and CMMC separately, you provide it once and Venvera closes the equivalent controls through the curated cross-framework crosswalk.
Three ways to provide evidence
- Written description - explain how the control is achieved (for example, "AV deployed fleet-wide via Intune; quarantine enabled").
- Document upload - attach a PDF, Word, Excel, CSV or text file (up to 25 MB).
- Screenshot - attach a PNG or JPEG image; screenshots open in an in-app viewer.
Where you can provide it
The same evidence widget appears in three places, so you can capture evidence wherever you happen to be working:
Open any framework's Controls page and provide evidence directly on a control.
Expand a domain in the Crosswalk and provide evidence once for the representative control; it closes the whole domain across your enabled frameworks.
Open a policy and provide evidence per mapped control. See Policy to Control Mapping.
How closure works
When you save evidence on a control, Venvera:
- Records the evidence against that control for your organisation.
- Marks the control implemented in its framework, which is what the Crosswalk reads.
- Propagates the change to every curated crosswalk-equivalent control, so they show Compliant too. Coverage only ever flows through the hand-mapped crosswalk, so Venvera never guesses an equivalence.
After saving, the widget tells you how many related controls in other frameworks were also closed.
Keeping evidence current
Each evidence item carries a renewal cadence and an expiry. When it lapses the control reverts to "evidence needed". See Evidence Freshness & Renewal.
Getting AI help
You can ask the AI what good evidence looks like for a control, and have it review an uploaded artifact against the control requirement. See the AI Evidence Assistant.