How to link evidence to a control

Evidence is the documentation that proves your control is working. This might take the form of screenshots, logs, policies, audit reports, or other documentation.

To upload evidence, go to the Evidence Tab under the Controls tab. There, select a control. You will be directed to this screen, where you can upload the evidence directly:

Supported Evidence Types:

·      PDF Documents: Policy documents, audit reports, procedures

·      Images: Screenshots of system configurations, access logs

·      JPEG/PNG: Configuration screenshots, system outputs

Example of evidence to upload to Control "Firewall rules are reviewed quarterly":

Evidence 1: Screenshot of firewall rule configuration (PNG)

Evidence 2: Quarterly review checklist (PDF)

Evidence 3: Signed-off review report (PDF)

Once evidence has been uploaded, you can identify the type of evidence (policy, procedure, audit report, risk assessment, compliance certificate, training material, incident report, other). InsAIght displays a document summary for your review before you proceed with the assessment.

Updated on: 01/05/2026