Evidence
Evidence collection, review state, freshness, and the working practices that keep evidence tied to real controls.
Scope
Evidence only matters if teams can explain what it supports, whether it is current, and what should happen next when it changes. This guide keeps that operating guidance while excluding internal mechanics.
Overview
The Evidence system stores and tracks all compliance evidence artifacts for your programs. Evidence proves that your controls are working. Each evidence artifact is immutable, content-hashed, and tracked for freshness.
Uploading Evidence
File Upload
- Navigate to a program’s evidence view: Programs > [Program Name] > Evidence
- Select a control by entering the Control ID in the filter
- Click Upload Evidence
- In the upload modal:
  - Drag and drop a file or click to browse
  - Enter a Title (required)
  - Add a Description (optional)
  - Select the Evidence Type (document, screenshot, manual upload, etc.)
  - Set Valid Until if the evidence has a known expiry date
- Click Upload Evidence
File size limit is 50MB. Larger files should be split or summarized.
Executables (.exe), scripts (.sh, .bat, .py, .js, .ps1), and web files (.html, .htm, .php) are blocked. Files with no extension are also rejected. For binary formats (PDF, PNG, etc.), the system verifies that the file content matches the claimed extension — a renamed executable will be rejected even if the extension is changed to .pdf.
What happens on upload
- The system computes a SHA-256 hash of your file for integrity verification
- The file is stored securely with a path tied to your account, program, and evidence ID
- The upload is recorded with your email as the collector (“manual:you@company.com”)
- An audit log entry is created
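A local pre-check that mirrors the upload rules and the SHA-256 step described above. It is an added example, not the product's own code. It assumes the 50MB limit means 50 MiB and checks only the standard PDF and PNG signatures; `preflight` and the script name are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

MAX_BYTES = 50 * 1024 * 1024  # assumption: the 50MB limit read as 50 MiB
BLOCKED = {".exe", ".sh", ".bat", ".py", ".js", ".ps1", ".html", ".htm", ".php"}
# Standard leading signatures for the two binary formats the guide names.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n"}


def preflight(path):
    """Return (problems, sha256_hex) for a file about to be uploaded."""
    p = Path(path)
    ext = p.suffix.lower()
    problems = []
    if not ext:
        problems.append("no file extension")
    elif ext in BLOCKED:
        problems.append(f"blocked extension {ext}")
    if p.stat().st_size > MAX_BYTES:
        problems.append("larger than 50MB")
    digest, head = hashlib.sha256(), None
    with p.open("rb") as fh:
        # Stream in 1 MiB chunks so large exports are not loaded into memory.
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            if head is None:
                head = chunk[:8]  # first bytes are enough for the signatures
            digest.update(chunk)
    magic = MAGIC.get(ext)
    if magic and not (head or b"").startswith(magic):
        problems.append(f"content does not match {ext} signature")
    return problems, digest.hexdigest()


if __name__ == "__main__":
    # Usage: python preflight.py FILE [FILE ...]
    for name in sys.argv[1:]:
        problems, sha256_hex = preflight(name)
        print(f"{name}: sha256={sha256_hex}")
        for problem in problems:
            print(f"  would be rejected: {problem}")
```

Keep the printed hash with your own records; after upload it can be compared with the content hash on the evidence detail page, assuming that value is shown as a hex digest.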
Viewing Evidence
Cross-Program Evidence Workspace
Navigate to Evidence in the sidebar to see every evidence artifact in the current account across every program. This is the default landing surface for audit prep and evidence curation.
Available filters:
- Search: Server-side substring match on title and file name (debounced)
- Program: Scope to a single program
- Type: Filter by evidence type (document, screenshot, api_response, etc.)
- Freshness: Show only fresh, stale, or expiring-soon evidence
- Show superseded: Toggle to include superseded evidence
Filter state is persisted in the URL so a refresh, share, or back-navigation restores the exact view. Each row shows the parent program name and control ref/title so you can navigate directly to the source without follow-up clicks.
Program Evidence View
Navigate to Programs > [Program Name] > Evidence to see all evidence for a single program.
Available filters:
- Control: Type-to-search control picker (SearchableSelect) for the current program
- Type: Filter by evidence type (document, screenshot, etc.)
- Freshness: Show only fresh, stale, or expiring-soon evidence
- Show superseded: Toggle to include superseded evidence
Pick a control first to enable the Upload Evidence button.
Evidence Detail
Click any evidence item to see its full details:
- Title, description, and evidence type
- Collector (who uploaded it)
- Collected date and valid-until date
- Content hash (SHA-256) with copy button
- File information (name, size, content type)
Understanding Freshness Indicators
| Indicator | Meaning | Action |
|---|---|---|
| Green (Fresh) | Evidence is current | No action needed |
| Yellow (Expiring Soon) | Evidence expires within 7 days | Plan to collect new evidence |
| Red (Stale) | Evidence has expired | Collect new evidence for this control |
| No Expiry | Evidence has no set expiration | Periodically review if still current |
Stale evidence is not invalid — it still counts for the period it covered. The indicator signals that you need to collect fresh evidence for ongoing compliance.
Downloading Evidence
From the evidence detail page, click Download to retrieve the original file. The system verifies the content hash during download to detect any storage corruption. You’ll see:
- X-Content-Hash header with the SHA-256 hash
- X-Hash-Verified: true if the file integrity is confirmed
If a hash mismatch is detected, the download will fail with an error. Contact your administrator if this occurs.
Superseding Evidence
For manual evidence not linked to a test, you can manually supersede it:
1. Open the evidence detail page
2. Click Mark Superseded
3. Confirm the action
Superseded evidence is hidden from list views by default. Check “Show superseded” to see the full history.
Superseded evidence is never deleted — it remains in the audit trail.
Evidence Types
| Type | Use For |
|---|---|
| Manual Upload | General file uploads |
| Document | Policies, procedures, certificates |
| Screenshot | UI screenshots as evidence |
| Log Export | Exported log files |
| Automated | Evidence collected by connectors |