Skip to main content
Evidence is the documentation that proves your controls are actually implemented. SecurAtlas stores all your compliance evidence in one workspace, lets you link each item to one or more controls, and tracks expiry dates so nothing silently drops out of your posture score.

The evidence pipeline

Every piece of evidence moves through the same lifecycle: Upload → Link to a control → Validate (owner or admin) → Effective maturity updates → Risk score recalculates Evidence that is uploaded but not linked to a control has no effect on your score. Evidence that is linked but not yet validated is counted as pending. Only accepted or accepted with gaps evidence contributes to your effective maturity.

Coverage metrics

Four metric tiles appear at the top of the Evidence page:
  • Controls covered — how many controls have at least one linked evidence item, out of your total control count
  • Validated — the number of evidence items with accepted status
  • Needs review — items that are linked to a control and awaiting validation by an owner or admin
  • Action required — the sum of expired items, controls missing required evidence, and rejected items

Tabs on the Evidence page

The main view showing all your uploaded evidence items. Use the filter pills — Unlinked, Pending, Expiring, Validated, Rejected — to focus on a specific subset. You can also filter by tag if you’ve created evidence tags.

Uploading evidence

1

Open the upload modal

Click Upload Evidence in the top-right corner of the Evidence page. The same button appears in the empty state if you haven’t uploaded anything yet.
2

Fill in the details

Give the item a clear title and an optional description. Select the evidence type — Screenshot, PDF, Policy, Audit Report, Log Export, Config Export, Attestation, or Other.
3

Attach a file or note the source

Upload a file directly, or add a URL or reference if the document is stored elsewhere.
4

Save the item

Click Save. The item appears in your Evidence Library with a status of Uploaded.

Linking evidence to a control

After uploading, link the evidence item to one or more controls so it can contribute to your posture score.
1

Find the evidence item

Locate the item in the Evidence Library. Items that are not yet linked to any control show a note: “Not linked to any control — use Link to attach.”
2

Click Link

Click the Link button on the right side of the item row. A selector appears showing all your controls.
3

Choose controls

Select the controls this evidence supports. A single evidence item can be linked to multiple controls — this is called a shared item and is labeled Shared in the library.
4

Save the link

Confirm the selection. The evidence item’s status changes to Linked and it moves into the review queue for validation.
Only owners and admins can validate (accept or reject) evidence. If you are a member without that role, your linked items wait in the queue until an admin reviews them.

Understanding expiry dates

Evidence items can have an expiry date. As expiry approaches, the following signals appear:
StateDisplay
FreshNo expiry badge
Expiring within 30 daysAmber “Xd left” badge
ExpiredRed “Expired” badge
The Evidence Library sorts items so that expiring and expired items appear at the top. An alert banner also appears at the top of the page when any items are expired or expiring within 30 days.
Expired evidence stops contributing to your compliance posture scores immediately. Replace it before the expiry date — SecurAtlas keeps the old item in your library so you have an audit trail, but only current evidence counts toward your score.
The dashboard also displays an orange banner listing any items expiring within the next 30 days across your whole workspace.

Downloading an evidence certificate

An evidence certificate is a downloadable PDF that records a specific control’s evidence status — useful for auditor handoffs or internal review cycles. To download a certificate, open the controls evidence drawer from the Controls page, then use the Download Certificate option from the action menu on any validated evidence item. Evidence certificates are also available through the API at /api/reports/evidence-certificate.

AI classification

When you upload a new evidence item, SecurAtlas may automatically classify it in the background. While classification is running, the item shows a “Classifying…” badge. Once complete, it shows “AI reviewed” if the item passed review. AI classification does not replace human validation — an owner or admin still needs to accept the item for it to count toward your score.