Client Guide

Attaching Evidence

Auditors want proof. Evidence blocks let you attach screenshots, documents, and links directly to a control.

What counts as evidence

📸 Screenshots

Antivirus dashboard, firewall settings, MFA enabled

📄 Documents

Signed policies, contracts, training certificates

🔗 Links

URLs to internal tools, shared drives, portals

📝 Notes

Free-text description of the measure taken

Adding evidence to a control

Open the document linked to the control — for example, the Security Policy. Each field in the document has Attach file and Add link buttons at the bottom. Click the one that matches your evidence type, fill in the details, and save.

Document field showing Attach file and Add link buttons at the bottom of a placeholder block — Each field in a policy document has Attach file and Add link buttons — use these to submit your evidence.

Evidence is stored securely per organisation. Your IT partner can view it but cannot edit it without your permission.

When evidence resolves a control

Some controls resolve automatically once their linked document fields are filled in. The Controls overview shows which controls are resolved (green) and which still need attention. Once all required fields have values, the status updates immediately.

GV Govern controls group showing GV.OC-03.1 with a resolved status and the group at 25% completion — Controls group showing one resolved control — filling in the linked document fields triggers automatic resolution.

← Fill controls Generate policy →