Evidence Module
Evidence Module
Overview
The Evidence module provides a centralized repository for collecting, organizing, and managing compliance evidence. It helps demonstrate compliance with regulatory requirements and internal policies.
Key Features
- Evidence collection and storage
- Evidence categorization and tagging
- Relation mapping to controls, frameworks, and risks
- Evidence review and validation
- Version tracking
- File attachment support
- Evidence lifecycle management
Creating Evidence Records
To create a new evidence record:
- Navigate to Compliance - Evidence
- Click Add Evidence
- Fill in evidence details:
- Name - Evidence title
- Description - What the evidence demonstrates
- Type - Evidence type/category
- Status - Current status
- Valid From/To - Evidence validity period
- Click Submit
Evidence Detail Page
The evidence detail page shows:
- Basic Information - Evidence metadata
- Relations - Linked controls, frameworks, and other modules
- Review History - Evidence reviews
- Attached Files - Supporting documents
Linking Evidence
Connect evidence to demonstrate compliance:
- Internal Controls - Show control implementation
- Compliance Frameworks - Support framework requirements
- Policies - Demonstrate policy compliance
- Risk Treatments - Support risk mitigation
Evidence Reviews
Conduct evidence reviews:
- Navigate to evidence detail
- Go to Review tab
- Click Add Review
- Document review findings:
- Review date
- Reviewer
- Status (Valid, Expired, Needs Update)
- Comments
Uploading Evidence Files
Attach supporting files:
- Open evidence record
- Go to files section
- Click Upload File
- Select file from computer or link from File Manager
- Add file description
Best Practices
- Use consistent naming conventions
- Set appropriate validity periods
- Review evidence regularly
- Link evidence to relevant controls and frameworks
- Maintain version history for updated evidence
- Remove or archive outdated evidence