Evidence

Evidence is the documentation and artifacts that demonstrate a control was operating as designed during the audit period. Common evidence types include screenshots of system configurations, exports of access review reports, logs showing alert generation and response, signed policies, training completion records, and ticket histories showing change approvals. For SOC 2 Type 2 audits, auditors sample evidence from across the entire audit period to confirm controls operated consistently, not just on the days the auditor was looking. Strong evidence is timestamped, attributable to the person who performed the action, and tied to a specific control. Weak evidence is undated, generic, or fails to demonstrate the actual control activity. Most SOC 2 platforms exist primarily to make evidence collection less painful, since gathering and organizing evidence is the single most time-consuming part of audit preparation. SimpleAudit's Evidence Vault is the canonical storage location for SOC 2 evidence in the platform.