Skip to content

Evidence

Evidence is what an auditor actually reviews — the artifacts that prove a control is really happening. Keel keeps evidence organized, connected to the controls it supports, and fresh enough to stand up at audit time.

In Evidence, upload a screenshot, configuration export, report, or document. Each artifact lives in your workspace’s evidence library, where you can find it later and reuse it. Because one artifact often proves several things at once, evidence isn’t locked to a single control.

Attach an artifact to the control (or controls) it supports. Thanks to the framework crosswalk, a control can satisfy requirements in several frameworks — so a single, well-chosen piece of evidence can improve your coverage across multiple standards at the same time. This is the practical payoff of collect once, comply everywhere: gather the proof once, and it counts everywhere the control applies.

Auditors want current proof, not a screenshot from two years ago. Keel tracks a review date on evidence so you can see at a glance what’s current, what’s expiring, and what’s already expired. Refresh aging artifacts before they lapse to keep your program audit-ready between formal reviews rather than scrambling right before one.

Not sure what an auditor expects for a given framework? Use the framework-scoped “evidence to collect” guidance to see the kinds of artifacts each area calls for, so you’re gathering the right things instead of guessing.

When you’ve attached an artifact, Keel’s AI “Review evidence” check reads it against what the control requires and tells you whether it’s likely sufficient — or what’s missing or weak. It’s an optional, credit-metered sanity check that catches gaps before an auditor does. Learn how credits work in AI tools & credits.