Evidence can be generated automatically with integrations based on data collected from your source of truth systems. This reduces manual uploads and keeps controls continuously up to date.
Initial Connection Setup
Your IT admin will use the integration guide we provide to establish a secure connection. This may involve uploading key details (such as OAuth/API credentials) into a secure vault.
Permissions & Configuration: To enable evidence generation, certain system permissions and configuration parameters (e.g., reports or queries) need to be in place. We’ll provide the necessary lists so your IT team can configure these during setup. We always use the rule of least privilege for access.
Creating an evidence generated via integration
Once you're connected to the provider, you generate evidence from your systems within the evidence item drawer.
On the right sidebar, there's a tab for 'Integrations'. Here, you can complete the following information to successfully pull in data via integration:
- Connector: Name of tool you're integrating with
- Note - there may be more than one of the same tool if its connected to multiple instances/repos/locations
- Service (if relevant): Some tools have services beneath that give further granularity on the information you're pulling in (e.g. AWS, Azure etc). If not relevant for the connector, this field will be greyed out.
- Handler: This is the 'check' and the evidence item you'll be pulling in. Some have added parameters that you can further customize.
The evidence must be linked to a control in order to run the integration check. Please ensure you have a control linked!
The integration connector will pull a report from your source of truth system into the evidence center - as an item ready to be linked out to your existing controls.
When the integration re-runs, the new report is added as a new evidence version. You can view previous versions in the Versions tab. This means that each time the integration updates, all linked controls benefit from the refreshed evidence.
Continuous Monitoring Checks
We can layer 'checks' on top of integrations - to monitor that the evidence they are generating is compliant with your policies and internal controls.
- Integrations can verify whether security tools are active, and if an issue is detected, the platform will create an alert and log it against the relevant control - making it easy for you to remediate.
Secure Sharing
Credentials and setup details are always exchanged securely. Our team will guide you through the vault setup (commonly via 1Password) or work with an alternative secure method your team prefers.
Integration-based evidence provides an automated way to maintain compliance — our integrations team will work with you to ensure the right configuration is in place.