Evidence Management — How-To Guide
A simple, step-by-step guide to uploading, organizing, and managing compliance evidence in Govula.
What is Evidence Management?
Evidence management is how you collect, upload, and organize proof that your organization meets compliance requirements. Think of it as building a filing cabinet of documents that demonstrate your security controls are working — policies, screenshots, logs, certificates, and more.
Step 1: Navigate to Evidence Manager
From your organization dashboard, click on Evidence in the sidebar navigation. This opens the Evidence Manager, where you can see all uploaded evidence items organized by control.
What you will see
- ●A list of all evidence items with their status (Active, Pending Review, Expired)
- ●The control each piece of evidence is linked to
- ●Upload dates and quality scores
- ●Quick actions: View, Delete, and Upload New
Step 2: Upload Evidence
Click the Upload Evidence button at the top of the Evidence Manager. You can upload any type of file — documents, screenshots, spreadsheets, or exports from other tools.
What to include when uploading
File
The document or screenshot that proves compliance (PDF, PNG, DOCX, XLSX, etc.)
Control Link
Which security control this evidence supports (e.g., A.5.1 — Information Security Policy)
Description
A brief explanation of what the evidence shows and why it matters
Category
The type of evidence: Policy, Procedure, Technical, or Audit Log
Step 3: Review Evidence Quality
After uploading, Govula automatically assesses the quality of your evidence and assigns a Quality Score. This helps you understand whether the evidence is strong enough for an audit.
High Quality (80–100%)
Evidence is clear, complete, and directly linked to a control. Ready for audit.
Medium Quality (50–79%)
Evidence exists but may need additional context, a clearer description, or a more recent version.
Low Quality (below 50%)
Evidence is incomplete, outdated, or not clearly linked to a control. Should be replaced or supplemented.
Step 4: View Evidence Details
Click the View button on any evidence item to see its full details. This opens a panel showing:
- •The file name and upload date
- •Which control it supports and its current status
- •Quality score with an explanation of the rating
- •Version history — every update is tracked so auditors can see the full timeline
Step 5: Keep Evidence Fresh
Evidence has a shelf life. Govula tracks how recent your evidence is and alerts you when items are getting stale.
Freshness Tips
- • Review evidence at least quarterly to ensure it reflects current practices
- • Re-upload updated policies whenever they are revised
- • Replace screenshots with recent ones before an upcoming audit
- • Use the Drift Detection alerts to identify controls that need updated evidence
Evidence Types at a Glance
| Type | Examples | When to use |
|---|---|---|
| Policy | Information Security Policy, Acceptable Use Policy | To prove your organization has formal rules in place |
| Procedure | Incident Response Plan, Change Management Workflow | To show you have documented steps for handling situations |
| Technical | Firewall configs, vulnerability scan results, access logs | To demonstrate technical controls are configured and working |
| Audit Log | System access logs, change records, review approvals | To show that activities are being monitored and recorded |