In order to satisfy the controls that your organization has in place, you will submit evidence through your KCM GRC platform. Users provide evidence to the platform by uploading a file or by providing a "DocuLink" to externally-hosted evidence. For more information about evidence types, please reference our KCM GRC: Glossary of Compliance Terms article.
The Evidence Repository section of KCM GRC is a repository of files and links that have been added to your account as evidence. From this repository, you can view supporting documentation for controls you've implemented in your account. The repository also stores policy documents associated with the Policy Management module.
Tip: Your auditors have an opportunity to see your evidence in a limited capacity. See our KCM GRC: Guide for Auditors article if you'd like to share an instructional guide with your auditors.
Review the sections below to learn more about the Evidence Repository.
View All Evidence
From the View All Evidence page, you can interact with the evidence that your organization has added to your account. Access this page by clicking Evidence Repository from the left navigation panel.
See the outline below which describes the information visible on this page related to each piece of evidence in your repository.
- Name: The name that was given to the evidence when it was submitted. Click the evidence name to view details related to the document (or DocuLink). See this section to learn more about evidence details.
- Data Created: The date that the evidence was added to your account.
- Created By: The name of the individual who uploaded the evidence.
- Control Name: The name of the control the evidence is associated with.
- Requirements: The regulatory or compliance requirement that the evidence is associated with.
- View Control/Task: Click the Control or Task button to view the control or task that the evidence is linked to.
- The far right-hand column includes three icons:
- Click the pencil icon () to update the evidence. See this section to learn more.
- Click the download () or link () icon to view the evidence. Evidence documents are downloaded to your local machine. DocuLink evidence is hosted externally from KCM GRC. See this section to learn more.
- Click the paper icon () to create a policy document. See this section to learn more.
You can view a summary of the evidence on the View Document (or View DocuLink) page. To access this page, click on the name of the evidence from the View All Evidence page. See below for additional information.
- File: Click the file name to download the evidence; or
Link URL: Click the link to view the evidence.
- Upload By: The name of the individual who uploaded the evidence; or
Created By: The name of the individual who submitted the evidence.
- Date Uploaded: The date that the evidence was added to your account.
- File Size: The size of the evidence that was submitted.
- File Type: The type of file that was submitted for evidence (for example a PDF).
In addition to the details above, from this page you can also review the tasks that are associated with the evidence. See below for more information.
- Task: The name of the task or tasks associated with the evidence.
- User: The name of the user responsible for the task.
- Manager: The manager who is responsible for approving the evidence and ensuring the task is completed.
- Due: The date the task is due.
- Status: The status of the task. Status types that may appear in this column include: Active, Satisfied, Acknowledged, Closed Late, Past Due, and Failed.
- Control: Click the View Control button to see the control or controls in which this piece of evidence is linked to.
Additionally, on the View Document (or View DocuLink) page, there are several actions that you can take. See below to learn more.
- Download Document: Click this button to download the evidence file.
- Update Document: Click this button to edit the document as described in the Update Evidence section, below; or
Update DocuLink: Click this button to edit the link as described in the Update Evidence section, below.
- Delete Document: Click this button to delete the evidence from your account; or
Delete DocuLink: Click this button to delete the evidence from your account.Important: Deleting evidence will permanently remove the evidence from your console, and all records of the evidence submission will be removed.
- Back: Click this button to go back to the Update Document page.
To edit a piece of evidence in your repository, follow the steps below.
- From the View All Evidence page, click the pencil icon in the right-hand column.
- On the Update Document page (or the Update DocuLink page, if you are editing a DocuLink), you can edit the name of the evidence, replace the evidence by uploading a new file, add or change the version number, and add or edit the evidence description, as shown below.
- Click the Update Document (or Update DocuLink, if you are editing a DocuLink) button to save any changes you have made. Then, you'll see the View Document page (or View DocuLink page).
See the next section to learn more about the viewing your evidence.
To view a piece of evidence from the View All Evidence page, click on the download icon () in the right-hand column. This action will download the file to your local device, allowing you to view the evidence. If your evidence is a DocuLink, a hyperlink icon () will appear instead. Click on the icon to take you to the location of the DocuLink.
Create Policy from Document
Click on the Create Policy from Document button () to make a piece of evidence available in your Policy Management module. To learn more about the Policy Management module, see our KCM GRC: Policy Management article.