Acme Corp
SOC 2 Type II • ISO 27001
Azure Prod
Role: CISO
5 Evidence Items Expiring Soon
2 already expired, 3 expiring within 30 days. Review and renew to maintain compliance.
Total Evidence: 1,247 (+48 this month)
Avg Confidence: 92% (+3% improvement)
Auto-Collected: 847 (68% of total)
Expiring Soon: 3 (Within 30 days)
Expired: 2 (Needs renewal)
| File Name | Type | Linked Controls | Frameworks | Uploaded By | Date | Expiry | Status | Confidence |
|---|---|---|---|---|---|---|---|---|
| Access Control Policy v3.2.pdf (1.2 MB • PDF Document) | Policy | AC-1, AC-2, +3 | SOC 2, ISO | Sarah Chen | Dec 1, 2024 | Dec 1, 2025 | Valid | 95% |
| Azure RBAC Configuration.png (856 KB • Screenshot) | Screenshot | AC-3, AC-6 | SOC 2 | Azure | Dec 5, 2024 | Mar 5, 2025 | Valid | 92% |
| Defender XDR Alert Rules.json (48 KB • Configuration) | Config | IR-2, IR-4 | SOC 2, NIST | Defender | Dec 4, 2024 | | Valid | 98% |
| Annual Access Review Report.docx (2.4 MB • Word Document) | Report | AC-2 | SOC 2, ISO | Mike Johnson | Nov 15, 2024 | Jan 5, 2025 | Expiring | 88% |
| SSL Certificate - *.acme.com (4 KB • Certificate) | Certificate | DP-2, SC-8 | SOC 2 | John Haifa | Oct 1, 2024 | Nov 30, 2024 | Expired | 100% |
| AWS CloudTrail Logs - Nov 2024 (156 MB • Log Archive) | Log | AU-2, AU-6 | SOC 2, NIST | AWS | Dec 1, 2024 | | Valid | 97% |
Evidence Graph Explorer
Interactive visualization showing relationships between Evidence → Controls → Risks → Policies. Click on any node to explore connections across the Compliance Graph.
Expired Evidence (2)
SSL Certificate - *.acme.com (Certificate • DP-2, SC-8)
Security Awareness Training (Assessment • HR-1)
Expiring Soon, 30 days (3)
Annual Access Review Report (Report • AC-2)
Incident Response Plan v2.1 (Policy • IR-1)
Penetration Test Report (Assessment • CA-8)
Missing evidence for AC-3 Access Enforcement
Control requires automated access control test from AWS environment
High Priority
AI Suggestion: Enable AWS Config rule "iam-policy-no-statements-with-admin-access" and connect to Evidence Hub. This will auto-collect configuration evidence for AC-3 compliance.
IR-1 Incident Response Plan requires annual review
Policy evidence is 18 months old, exceeds annual review requirement
High Priority
AI Suggestion: Schedule policy review with Security Team. Use PolicyPilot to update and version the Incident Response Plan, then upload new evidence.
No tabletop exercise evidence for IR-2
SOC 2 requires documented incident response testing
Medium Priority
AI Suggestion: Create a Mission to conduct tabletop exercise. Recommended participants: CISO, SOC Lead, IT Director. Evidence type: Assessment Artifact.