Upload Evidence

The Upload Evidence feature allows users to provide supporting documentation that demonstrates compliance with a selected SOC 2 control or principle. Evidence may include internal policies, procedures, automated check results, assessments, or any form of audit-ready proof.

The upload interface provides three evidence categories – Policy/Procedure, Checks, and Evidence, allowing users to select the appropriate type of supporting material.

Steps to Upload Evidence

  1. In the Compliance module, navigate to the specific control or principle you want to upload evidence for.

  2. Click Upload Evidence located next to the control title.

  3. A pop-up window titled “Upload Evidence for CC_X.X” appears.

  4. Choose the appropriate evidence category:

    • Policy/Procedure

    • Checks

    • Evidence

Each category provides its own dropdown selector and input fields.

Evidence Categories Explained

1. Policy/Procedure

This option is used when providing documentary proof such as:

  • Organizational policies

  • Standard operating procedures

Fields available under this tab:

  • Select Policy/Procedure Checks (Dropdown) Displays a list of policies or procedures mapped to the selected control.

  • Enter evidence details Use the text box to describe what you're attaching or how it relates to compliance.

  • File Upload Section Click or drag files to upload supporting documents.

2. Checks

This option is used when uploading evidence related to automated cloud checks.

Fields under this tab:

  • Select Automated Checks (Dropdown) Displays system-generated checks mapped to the control.

  • Enter evidence details Add clarifying notes about the check or additional information.

  • File Upload Section Upload screenshots, reports, or exported check results.

3. Evidence

This option is used for any other type of supporting material not covered above, such as:

  • Audit screenshots

  • Certificates

  • Logs or test results

  • Third-party reports

  • Miscellaneous documentation

Fields under this tab:

  • Select Evidence Checks (Dropdown) Displays non-policy or non-automated evidence options relevant to the control.

  • Enter evidence details Provide brief context or explanation.

  • File Upload Section Supports drag-and-drop or click-to-upload.

Uploading Files

In all three tabs, the upload box supports:

  • Drag-and-drop

  • Manual file selection Users may upload PDFs, images, documents, or other allowed file formats.

Finishing the Upload

  1. After entering the required details and attaching files, click Upload.

  2. Click Cancel if you wish to exit without saving.

Once uploaded:

  • Evidence becomes available under View Evidence for that control.

  • Reviewers and auditors can assess and validate the submitted materials.

Purpose of Upload Evidence

Evidence strengthens your organization’s SOC 2 compliance posture by:

  • Demonstrating formal internal processes

  • Providing measurable or automated control results

  • Validating security, confidentiality, or availability practices

  • Offering audit-ready documentation for each relevant requirement

Examples include policies, reports, screenshots, risk assessments, training logs, or any proof supporting a control’s effectiveness.

PreviousComplianceNextView Evidence

Last updated