Skip to main content

How to Upload and Link Evidence to Controls

Implementation Team
Updated

A key part of controls management is creating and recording the Evidence needed to validate your controls when Audit time comes around.

You can begin adding evidence to any control directly from the Control Center, using one of several methods described in this guide.

This article will walk you through:

  • Adding new evidence via drag and drop
  • Linking existing evidence
  • Using AI-driven evidence recommendations
  • Leveraging integration-connected evidence

 

To learn more about Cross-mapping controls using Evidence please visit: How to Cross-Map Controls using Evidence

 

Evidence Tab Overview

The Evidence Tab within the Control Drawer is where all actions related to evidence management take place. You have several options to upload or link evidence to your controls:

  1. Drag and Drop New Evidence
  2. Link Existing Evidence
  3. AI Evidence Linking (if enabled)
  4. Integration-Based Evidence

Linked evidence will appear in a table within the Evidence tab. Simply click on the evidence name to view more details in the Evidence Center.

 

Drag and Drop New Evidence

This option is for uploading brand-new evidence items directly into the platform.

  1. Open the Evidence Tab of the control.
  2. Drag and drop your evidence file into the designated area, or click "Add New Evidence" to select the file from your device.
  3. Update the validity date :
    • If you’re uploading evidence on the same day it was collected, no update is needed.
    • For historical evidence, adjust the validity date as required.

Tip: If you have multiple historical evidence files, the Complyance team can help mass update validity dates. Reach out to us for assistance.

 

Once you've added net-new evidence, you can use AI to suggest which controls it might cover. To do this: 

  1. Click the name of the Evidence item to open the Evidence item 
  2. Go to the Controls tab 
  3. Click Link Control 
    • Here, you will see a list of AI Recommendations for controls in your environment that this evidence may be relevant for 
  4. Select the most relevant ones 
  5. Click Link 
    • You will see these controls appear as linked to the Evidence item. Once you do this, you do not need to re-map this evidence again. 

 

Link Existing Evidence

This option is for linking evidence that has already been uploaded into Complyance.

  1. Navigate to the Evidence Tab of the control.
  2. Select the "Link Existing Evidence" option.
  3. Use the search bar to find the relevant evidence (e.g., search for "Infosec Training").
  4. Select the evidence item to link it to the Control.

Note: Once linked, you won’t need to repeat this step unless the evidence is removed or unlinked. To update evidence Versions, simply head to the Versions tab and hit 'Replace Current Version;

 

 

Use AI to Link Existing Evidence

If your organization has AI Evidence Linking enabled, you can use it to streamline evidence management by leveraging AI-driven suggestions.

  1. In the Evidence Tab, select the dropdown "AI recommendation" to show suggested evidence.
  2. Review the suggested evidence items, and click "+" to link to the Control.
  3. Confirm and link the suggested evidence (e.g., "Staff Handbook").

 

Note: The AI reviews all evidence available in your environment to recommend the most relevant files that match the selected control. Always review the suggested evidence before linking to a Control.

 

 

Add Integration-Based Evidence

Evidence can be generated automatically with integrations based on data collected from your source of truth systems. This reduces manual uploads and keeps controls continuously up to date.

 

How It Works

  • Connection Setup: Your IT admin will use the integration guide we provide to establish a secure connection. This may involve uploading key details (such as OAuth/API credentials) into a secure vault. 
  • Permissions & Configuration: To enable evidence generation, certain system permissions and configuration parameters (e.g., reports or queries) need to be in place. We’ll provide the necessary lists so your IT team can configure these during setup. We always use the rule of least privilege for access.
  • Evidence Generation: Once connected, Complyance will automatically generate evidence from your systems. 
  • Continuous Monitoring Checks: We can layer 'checks' on top of integrations - to monitor that the evidence they are generating is compliant with your policies and internal controls. 
    • Integrations can verify whether security tools are active, and if an issue is detected, the platform will create an alert and log it against the relevant control - making it easy for you to remediate. 

 

Secure Sharing

Credentials and setup details are always exchanged securely. Our team will guide you through the vault setup (commonly via 1Password) or work with an alternative secure method your team prefers.

Integration-based evidence provides an automated way to maintain compliance — our integrations team will work with you to ensure the right configuration is in place.

 

 

Additional Resources

If you have questions or need assistance:

  • Check out the Control Center Guide for more information about managing controls.
  • Reach out to our support team via the Support Center for help with evidence uploads or integrations.

By following these steps, you’ll be able to manage your evidence efficiently and keep your controls compliant. Happy uploading!

 

Related articles