Evidence Collection
Evidence collection is the core workflow in The One Compliance. Evidence artifacts are linked to framework controls to demonstrate compliance. You can upload evidence manually or configure auto-collection from other One Stack products.
Uploading Evidence Manually
To upload an evidence artifact:
- Navigate to the control that requires evidence
- Click Add Evidence
- Select the evidence type (Policy, Screenshot, Report, Log, or Attestation)
- Upload the file or paste a URL
- Add a description and set the evidence period (effective date and expiration)
- Click Save
Supported file formats: PDF, PNG, JPG, DOCX, XLSX, CSV, JSON, XML, TXT, and ZIP archives.
Auto-Collection from Other Products
The One Compliance can automatically collect evidence from other One Stack products on a scheduled basis. Auto-collected evidence is linked to the appropriate controls and refreshed automatically.
Security — Scan Results
- Vulnerability scan results serve as evidence for vulnerability management controls
- Security awareness training completion rates satisfy workforce training requirements
- Phishing simulation results demonstrate security testing controls
Configure in Settings → Integrations → Security.
RMM — Patch Compliance
- Patch compliance reports demonstrate timely patching controls
- Device inventory reports satisfy asset management requirements
- Agent deployment coverage shows endpoint management posture
Configure in Settings → Integrations → RMM.
Defend — Endpoint Protection
- Endpoint protection deployment status satisfies endpoint security controls
- Alert response metrics demonstrate incident detection capabilities
- Policy enforcement reports show security configuration compliance
Configure in Settings → Integrations → Defend.
Backups — Verification
- Backup job success/failure reports satisfy data protection controls
- Backup test restore results demonstrate recovery capability
- Retention policy compliance shows data lifecycle management
Configure in Settings → Integrations → Backups.
Auto-Collection Schedule
Auto-collected evidence refreshes on a configurable schedule:
| Frequency | Use Case |
|---|---|
| Daily | Patch compliance, backup verification, endpoint protection status |
| Weekly | Vulnerability scan results, device inventory |
| Monthly | Training completion rates, phishing simulation results |
Set the schedule per integration in Settings → Integrations.
Evidence Freshness Tracking
Each evidence artifact has a freshness status based on its effective period:
| Status | Meaning |
|---|---|
| Current | Evidence is within its effective period |
| Expiring Soon | Evidence expires within 30 days |
| Expired | Evidence has passed its expiration date |
| No Expiration | Evidence does not have a defined expiration (e.g., a one-time attestation) |
The compliance dashboard highlights controls with expiring or expired evidence so you can refresh them before an audit.
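An added example (not product code or product output) that applies the freshness table above to a constructed evidence inventory, listing the controls to refresh before an audit. The CSV columns and control IDs are assumptions, as are the boundary choices: evidence is still valid on its expiration date, "within 30 days" includes day 30, and only the expiration date is checked, not the effective date.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

EXPIRING_WINDOW = timedelta(days=30)  # "Expiring Soon" threshold from the table

# Constructed sample inventory; column names and control IDs are assumptions,
# not a product export format.
SAMPLE_CSV = """control,artifact,type,expires
AC-01,access-policy.pdf,Policy,2025-12-31
AC-01,mfa-screenshot.png,Screenshot,2025-06-20
VM-03,vuln-scan-week22.json,Report,2025-05-30
BK-02,restore-test.pdf,Report,2025-07-01
HR-05,ceo-attestation.pdf,Attestation,
"""

def freshness(expires, today):
    """Map an expiration date (or None) to a status from the freshness table."""
    if expires is None:
        return "No Expiration"
    if today > expires:                      # expiration date has passed
        return "Expired"
    if expires - today <= EXPIRING_WINDOW:   # checked before Current on purpose
        return "Expiring Soon"
    return "Current"

def load(text):
    """Parse the inventory into (control, artifact, expiration-or-None) tuples."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        exp = date.fromisoformat(r["expires"]) if r["expires"] else None
        rows.append((r["control"], r["artifact"], exp))
    return rows

def controls_needing_refresh(rows, today):
    """Return {control: [(artifact, status), ...]} for expired or expiring evidence."""
    flagged = defaultdict(list)
    for control, artifact, exp in rows:
        status = freshness(exp, today)
        if status in ("Expired", "Expiring Soon"):
            flagged[control].append((artifact, status))
    return dict(flagged)

if __name__ == "__main__":
    report = controls_needing_refresh(load(SAMPLE_CSV), date(2025, 6, 1))
    for control, items in sorted(report.items()):
        for artifact, status in items:
            print(f"{control}  {status:<13}  {artifact}")
```

A control such as AC-01 can hold both current and expiring artifacts at once, so the check works per artifact and then groups by control.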
Evidence Review and Approval
Evidence can optionally go through a review workflow:
- Uploaded — Evidence is submitted
- Under Review — A compliance manager reviews the artifact
- Approved — Evidence is accepted and the control is marked Compliant
- Rejected — Evidence is insufficient; the uploader is notified with reviewer comments
Enable the review workflow in Settings → Compliance → Evidence Review.