HomeGuidesAPI ReferenceChangelogDiscussions
Log In

Evidence Locker

Evidence Locker Module

This page contains information to assist our customers with utilizing the Evidence Locker module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.

What is it?

An Evidence Locker is a central repository for storing audit support evidence that can be mapped and re-used across multiple systems and controls.

Why would you use it?

Evidence locker is commonly used to streamline evidence gathering for large organizations that need to attest to the compliance of multiple systems. It provides an easy mapping wizard to align a single piece of evidence to all of the controls across all of the systems that it may satisfy. There are many reasons to use evidence locker which include:

  • Verify that you are meeting contractual or regulatory requirements
  • Provide assurance to regulators that you are meeting your compliance obligations
  • Attesting to evidence for shared services that cross multiple systems
  • Streamlining evidence collection for complex organizations
  • Ensuring timeliness requirements for evidence updates are met

What are the benefits?

The evidence locker feature results in multiple benefits for an organization; to include:

  • Reduced data entry and evidence collection
  • Improves the cost effectiveness of leveraging shared services
  • Ensures timely update to support audit readiness

How do I use it?

The Evidence Locker in RegScale Enterprise Edition (EE) can be used as described below:

  • In the top navigation bar, select Modules, then select Evidence Locker under Organizers
  • Click the "Create New" button and fill out the required fields describing the piece of evidence and click Save
  • Next, upload the evidence files using the File Upload tab
  • Next, select the component or security plan that leverages this evidence, then tag the controls that the evidence satisfies
  • NOTE: If there are many instances of a given control across systems, it will show them all so that you can tag them to the evidence as appropriate.
  • To view all controls mapped to the piece of evidence, use the Control Implementations tab.

How It Works?

  • You can create a new piece of evidence and assign an owner and frequency you would like it updated (i.e. every 90 days)
  • You then upload files as evidence which auto-sets the next due date based on the update frequency
  • You can then use the Evidence Workspace or Evidence Reports to view overall status, email evidence owners to provide updates, and manage evidence across its lifecycle