Managing Evidence items

Adding manually-uploaded evidence

Click "Log Evidence" in the upper-right corner to log a new manual evidence item. Clicking this button will open a Log Evidence modal:


The following fields are required:

  • Name: Give this evidence item any kind of name, such as "Evidence of security in job descriptions."
  • Type: This is a free text field that you can use to keep your evidence organized. Add any tag you want here, or select from existing entries that you've used before.
  • Condition: Normally, you'll log manual evidence as "OK." This means you're attaching normal, conforming evidence in support of your control. However, you may sometimes want to use Comply to keep track of control deviations, such as nonconformities and exceptions, or to flag evidence that requires attention for other reasons ("Needs Attention.")

Optionally, you can also:

  • Upload supporting attachments: We support .pdf, .jpg, .png, .xls(x), .doc(x), .csv, and .zip up to 50 MB.
  • Add notes: Any comments you may want to keep for later about the evidence.

Adding manually-uploaded evidence via email

Email evidence input allows compliance managers as well as asset and control owners to receive an email request for evidence from Comply and simply reply to that email to create evidence. Attachments will be captured as evidence, with the email body text captured as evidence notes.

When evidence is requested as part of an audit request list, an automatic, schedule- or event-based workflow an email will be sent to the appropriate requestor, asset owner, or control owner notifying them of the evidence request.

To log evidence via email:

  1. Create a ticket and assign it to the appropriate person. This will send an email to the assignee.
  1. Assignee can click on 'Reply' to the ticket notification email
  1. Assignee can attach the evidence they want to log for that ticket to the email and hit 'Send'

The evidence gets logged into Comply in the ticket and into the Evidence repository so it can be automatically applied to controls and used in audits.


Editing evidence once it's uploaded

Once you've uploaded your evidence, you can do certain things to keep it organized. Click into the evidence item or use the Table view to edit the evidence item directly.


You can:

  • Map evidence to controls: Select the pencil icon next to "Controls" to associate this evidence with your internal controls. That will also map the framework requirements associated with that control to this piece of evidence.
  • Map evidence to assets: Select the pencil icon next to "Assets" to associate this evidence with assets. Assets appear in the dropdown as: asset_type > asset name.

Next Up

Learn about how evidence can be logged into Comply automatically through integrations.