Evidence Management
Evidence management is the process of identifying, tracking, and collecting artifacts that prove your controls are implemented and operating effectively. The platform provides a unified Evidence Workspace alongside a Systems Registry and Tasks section to support this workflow.
Overview
| Section | Purpose | Access |
|---|---|---|
| Evidence | Unified workspace for scoping, reviewing, and monitoring evidence health | Evidence item in sidebar |
| Tasks | Manage evidence collection tasks | Tasks icon |
| Systems Registry | Register systems that collect evidence | Systems Registry in sidebar |
Evidence Workspace
The Evidence section is a single unified workspace accessed via the Evidence item in the sidebar. It consolidates evidence scoping, reporting, and health monitoring into two tabs: Workspace and Dashboard.
Workspace Tab
The Workspace tab (powered by the EvidenceReview component) is a split-panel interface where the left panel displays the evidence list and the right panel shows the detail view for the selected item.
View Modes
Switch between two perspectives using the view mode toggle:
| View | Shows |
|---|---|
| Control | Evidence items grouped by control |
| Evidence | Unique evidence items across all controls |
Search and Filtering
- Search — Find evidence items by keyword
- Domain filter — Narrow results to a specific SCF domain
Evidence Item Configuration
For each evidence item, you can configure:
| Field | Description |
|---|---|
| Is Tracked | Toggle to indicate active evidence collection |
| Collecting System | System responsible for collecting this evidence |
| Method of Collection | How evidence is gathered (API, manual, etc.) |
| Frequency | How often evidence is collected |
| Owner | Team responsible for this evidence |
| Notes | Additional tracking information |
Batch evidence tracking is available for bulk operations when you need to configure multiple items at once.
Collection Interfaces
The platform displays available collection interfaces for each evidence item, annotated with automation level badges:
- High automation — Fully automated via API
- Medium automation — Partial automation available
- Low automation — Primarily manual collection
AI-Powered Collection Suggestions
When AI suggestions are available, the platform recommends systems from your registry that can collect the evidence. These suggestions are based on system type, capabilities, and the nature of the evidence required.
Evidence Files
Evidence files can be uploaded directly via drag-and-drop. Supported formats include PDF, DOCX, XLSX, CSV, PNG, JPEG, JSON, and YAML.
For each uploaded file, the workspace shows:
- Preview — Inline preview where supported
- Download — Direct download link
- Malware scan status — Automated scan result for uploaded files
Evidence files are stored in Azure Blob Storage. Files uploaded via webhooks (from automated collection systems) are surfaced alongside manually uploaded files in the same list.
Collection Wizard
The Collection Wizard provides a guided setup flow for configuring automated collection points. It walks you through connecting a registered system, selecting the evidence it will provide, and defining the collection schedule.
Assignments, Comments, and Tasks
Each evidence item supports:
- Assignments — Assign team members to manage evidence
- Comments — Discuss collection approaches and issues
- Tasks — Create collection tasks directly from evidence items
Evidence Maturity Assessment
The workspace includes evidence maturity assessment with advisory cards that highlight areas for improvement, helping you understand the quality and completeness of your evidence program over time.
Dashboard Tab
The Dashboard tab (powered by the EvidenceDashboardTab component) provides a high-level view of evidence health across your organization.
Health Summary Bar
The header displays aggregate counts with percentages:
- Tracked — Total evidence items with active tracking
- Fresh — Evidence that is current and up to date
- Stale — Evidence that is approaching its collection deadline
- Critical — Evidence that has exceeded its collection deadline
- No Data — Tracked evidence with no collection data yet
A color-segmented health progress bar provides an at-a-glance visual summary of these statuses.
Status Filter Tabs
Filter the dashboard view by evidence health status:
| Tab | Color | Shows |
|---|---|---|
| All | — | All tracked evidence items |
| Fresh | Green | Evidence within its collection window |
| Stale | Amber | Evidence approaching its deadline |
| Critical | Red | Evidence past its deadline |
| No Data | — | Evidence with no collection records |
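The status definitions above, worked through as an added example that is not the platform's own logic. The frequency-to-days mapping, the 80% threshold for "approaching its deadline", and the item fields and identifiers are assumptions made for illustration.

```python
from collections import Counter
from datetime import date

# Assumed mapping from a Frequency label to a collection window in days.
FREQUENCY_DAYS = {"weekly": 7, "monthly": 30, "quarterly": 90, "annual": 365}
# Assumption: "approaching its deadline" means this share of the window has elapsed.
STALE_FRACTION = 0.8
STATUSES = ("Fresh", "Stale", "Critical", "No Data")

def classify(last_collected, frequency, today):
    """Return the health status of one tracked evidence item."""
    if last_collected is None:
        return "No Data"      # tracked, but nothing collected yet
    window = FREQUENCY_DAYS[frequency]
    age = (today - last_collected).days
    if age > window:
        return "Critical"     # collection deadline exceeded
    if age >= window * STALE_FRACTION:
        return "Stale"        # still inside the window, deadline close
    return "Fresh"

def health_summary(items, today):
    """Per-status (count, percent) over tracked items, like the summary bar."""
    tracked = [i for i in items if i["is_tracked"]]
    counts = Counter(classify(i["last_collected"], i["frequency"], today) for i in tracked)
    total = len(tracked)
    return {s: (counts[s], round(100 * counts[s] / total) if total else 0) for s in STATUSES}

def needs_attention(items, today):
    """IDs of tracked Critical and Stale items, Critical first."""
    order = {"Critical": 0, "Stale": 1}
    flagged = []
    for i in items:
        status = classify(i["last_collected"], i["frequency"], today)
        if i["is_tracked"] and status in order:
            flagged.append((order[status], i["id"]))
    return [item_id for _, item_id in sorted(flagged)]

# Constructed sample items; identifiers and dates are placeholders.
TODAY = date(2025, 6, 30)
SAMPLE = [
    {"id": "EV-001", "is_tracked": True, "frequency": "monthly", "last_collected": date(2025, 6, 20)},
    {"id": "EV-002", "is_tracked": True, "frequency": "monthly", "last_collected": date(2025, 6, 3)},
    {"id": "EV-003", "is_tracked": True, "frequency": "quarterly", "last_collected": date(2025, 2, 1)},
    {"id": "EV-004", "is_tracked": True, "frequency": "weekly", "last_collected": None},
    {"id": "EV-005", "is_tracked": False, "frequency": "annual", "last_collected": None},
]

if __name__ == "__main__":
    print(health_summary(SAMPLE, TODAY), needs_attention(SAMPLE, TODAY))
```

Untracked items are excluded from every count, so the percentages are shares of tracked evidence only.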
Evidence Health Cards
Each evidence item is represented as a card displaying:
- Status dot (color-coded by health)
- Evidence identifier and description
- Last collection date
- Collecting system
Clicking any card navigates directly to that item in the Workspace tab, pre-selected and scrolled into view. This makes it easy to act on gaps identified in the dashboard without switching between views manually.
Tasks
The Tasks section helps you manage evidence collection activities. Access it by clicking the Tasks icon in the sidebar.
Task Views
| View | Shows |
|---|---|
| My Tasks | Tasks assigned to you |
| All Tasks | All organization tasks |
Task Types
| Type | Purpose |
|---|---|
| Feasibility | Assess if evidence can be collected as planned |
| Setup | Configure systems for evidence collection |
| Collection | Perform evidence collection activity |
| Review | Review collected evidence for completeness |
| Documentation | Document collection procedures |
| Issue | Address problems with evidence collection |
Task Properties
Each task displays:
- Title — Description of the work
- Evidence ID — Link to related evidence item
- Priority — Low, Medium, High, or Critical
- Due Date — Target completion date
- Status — Not Started, In Progress, or Completed
- Assigned To — Responsible team member
Task Status Colors
| Status | Color |
|---|---|
| Not Started | Blue |
| In Progress | Orange |
| Completed | Green |
Working with Tasks
Update a task:
- Click Edit on the task card
- Change the status
- Add completion notes if applicable
- Click Save
Navigate to evidence: Click the evidence ID link to jump directly to that evidence item in the Evidence Workspace.
Task Stats
The header shows:
- Total tasks
- Tasks by status (not started, in progress, completed)
- Overdue count
Systems Registry
The Systems Registry manages the systems that provide evidence for your compliance program. Access it via Systems Registry in the sidebar (under Operations).
Why Register Systems?
Registered systems can be:
- Selected as “Collecting System” in the Evidence Workspace
- Matched to collection interfaces for automation suggestions
- Used by AI-powered suggestions to recommend collection approaches
- Tracked for capability coverage
System Types
| Type | Examples |
|---|---|
| Cloud Provider | AWS, Azure, GCP |
| Identity Provider | Okta, Azure AD, OneLogin |
| Ticketing | Jira, ServiceNow, Zendesk |
| Logging | Splunk, Datadog, ELK |
| Security Tool | CrowdStrike, Qualys, Tenable |
| Code Repository | GitHub, GitLab, Bitbucket |
| Document Management | SharePoint, Confluence, Notion |
| Custom | Organization-specific systems |
System Status
| Status | Meaning |
|---|---|
| Active | System is operational and available |
| Inactive | System is not currently in use |
| Deprecated | System is being phased out |
Adding a System
- Click + Add System in the header
- Complete the form:
  - Name — System display name
  - Vendor — System provider
  - Type — Category from the list above
  - Description — Purpose and capabilities
  - Status — Current operational state
- Click Save
System-Evidence Matching
When you register systems, the platform:
- Identifies compatible collection interfaces based on system type
- Suggests these systems when configuring evidence tracking in the Workspace
- Helps you understand automation potential across your evidence program
Evidence Collection Workflow
Here’s the recommended workflow for managing evidence:
1. Scope Your Controls
Before tracking evidence, ensure you’ve selected controls in Control Scoping. Only evidence from scoped controls appears in the Evidence Workspace.
2. Register Your Systems
Add your organization’s systems to the Systems Registry. This enables:
- Evidence-to-system matching
- AI-powered collection suggestions
- Automation potential tracking
3. Configure Evidence Tracking
In the Evidence Workspace (Workspace tab):
- Switch to Evidence view for efficient bulk configuration
- Use search and domain filter to find specific items
- For each evidence item:
  - Enable Is Tracked toggle
  - Select Collecting System
  - Set Method of Collection
  - Choose Frequency
  - Assign Owner
- Use batch evidence tracking when configuring many items at once
4. Upload and Manage Evidence Files
For each tracked item:
- Drag and drop files directly onto the evidence detail panel
- Review malware scan status before relying on uploaded files
- Files from webhook-based automated collection appear automatically alongside manual uploads
5. Create Collection Tasks
For evidence requiring manual collection:
- Navigate to the evidence item in the Workspace
- Create tasks for collection activities
- Assign team members
- Set due dates aligned with collection frequency
6. Monitor Evidence Health
Use the Dashboard tab in the Evidence Workspace for ongoing oversight:
- Review the health summary bar for overall program status
- Use status filter tabs to focus on stale or critical evidence
- Click any evidence health card to navigate directly to the item in the Workspace for remediation
- Track fresh vs. stale vs. critical ratios over time
Best Practices
Evidence Workspace
- Start with high-automation evidence — Configure evidence with API collection first
- Group by team — Assign evidence to appropriate owner teams
- Document collection methods — Be specific about how evidence is gathered
- Link to systems — Always specify the collecting system
- Monitor the Dashboard regularly — Catch stale evidence before it becomes critical
Task Management
- Use appropriate task types — Match task type to the actual work
- Set realistic due dates — Align with collection frequencies
- Complete tasks promptly — Update status as work progresses
- Add completion notes — Document what was done for audit trail
Systems Registry
- Keep systems current — Update status when systems change
- Use accurate types — Enable proper capability matching
- Include all relevant systems — Don’t miss evidence sources
Related Guides
- Control Management — Scope controls that drive evidence requirements
- Dashboard Overview — View evidence tracking metrics
- Automated Evidence Collection — Set up collection points for automated evidence
- Framework Management — Understand control-to-framework mappings