Types of evidence
Workflow
Every piece of evidence goes through review unless the control is explicitly configured to auto-approve automated sources.Reviewing evidence
1
Open Evidence
The default view shows everything in the Draft state ordered by oldest first.
2
Inspect the artefact
For automated evidence, the run, evaluation, or alert is linked. For manual evidence, the upload is rendered inline.
3
Pick a control
Map the evidence to one or more controls (e.g. an EU AI Act requirement). One artefact can support multiple controls.
4
Approve or reject
Approving moves the artefact into the audit-ready set. Rejecting requires a reason — useful for training the team on what’s acceptable.
Gap analysis
The Gaps card flags controls that have no approved evidence. Use it to prioritise:- Sort by framework (EU AI Act, NIST, ISO 42001)
- Sort by severity of the underlying control
- See last-approved-evidence age — anything older than a quarter shows as stale
API
Related resources
Policies
Many evidence sources are policy evaluations.
Compliance
Where mapped evidence shows up in the heatmap.

