Attestations
Manage signed acknowledgments and compliance attestations
Attestations
Attestations are formal acknowledgments that demonstrate compliance activities have been completed. Manage training records, policy acceptances, and signed declarations.
What Are Attestations?
Attestations provide evidence that:
- Personnel completed required training
- Policies were reviewed and accepted
- Procedures were followed
- Controls were verified
Attestation Types
Policy Acknowledgment
Confirmation that policies were read and understood:
- Security policy acceptance
- Acceptable use agreement
- Data handling procedures
Training Completion
Records of completed training:
- Security awareness training
- Role-specific training
- Compliance training modules
Control Verification
Confirmation that controls are operating:
- Review sign-off
- Testing completion
- Audit verification
Custom Attestation
Organization-specific attestations:
- Management assertions
- Exception approvals
- Incident acknowledgments
Creating Attestations
Attestation Templates
Create reusable templates:
- Go to Evidence > Attestations
- Click Create Template
- Configure:
- Title and description
- Attestation text
- Required acknowledgment
- Linked controls
- Save template
Template Options
| Option | Description |
|---|---|
| Title | Attestation name |
| Description | Purpose and context |
| Statement | Text to be attested |
| Acknowledgment | Checkbox or signature |
| Expiration | How long attestation is valid |
| Controls | Linked compliance controls |
Collecting Attestations
Request Attestation
Send attestation requests:
- Select template
- Click Request Attestation
- Add recipients (individuals or groups)
- Set due date
- Add message
- Send request
Recipient Experience
When users receive a request:
- Email notification with link
- Open attestation form
- Review statement
- Provide acknowledgment
- Submit attestation
Bulk Requests
Request from many users:
- Select template
- Click Bulk Request
- Upload CSV of recipients or select group
- Configure options
- Send all requests
Managing Attestations
Attestation Dashboard
View attestation status:
- Pending requests
- Completed attestations
- Overdue items
- Expiring soon
Tracking Completion
Monitor request progress:
| Status | Meaning |
|---|---|
| Sent | Request delivered |
| Viewed | Recipient opened |
| Completed | Attestation submitted |
| Overdue | Past due date |
| Expired | Validity period ended |
Reminders
Send reminders for pending requests:
- Select pending attestations
- Click Send Reminder
- Customize message
- Send reminders
Auto-reminders can be configured:
- 7 days before due
- 1 day before due
- Day of due date
Attestation Evidence
As Compliance Evidence
Completed attestations serve as evidence:
- Auto-linked to configured controls
- Appear in evidence collection
- Included in compliance reports
Attestation Records
Each completed attestation records:
- Who attested
- When they attested
- What they acknowledged
- IP address (optional)
- Browser/device info (optional)
Expiration and Renewal
Attestation Validity
Set how long attestations remain valid:
| Period | Use Case |
|---|---|
| 90 days | Frequent training updates |
| 6 months | Standard policies |
| 1 year | Annual reviews |
| No expiration | One-time acknowledgments |
Expiration Notifications
Notify when attestations expire:
- 30 days before
- 7 days before
- On expiration
Renewal Requests
Automatically request renewal:
- Enable auto-renewal on template
- Set renewal timing (days before expiration)
- System sends new request automatically
Reporting
Attestation Reports
Generate attestation reports:
- Go to Evidence > Attestations
- Click Generate Report
- Select scope:
- All attestations
- Specific template
- Specific users
- Download report
Report Contents
| Section | Information |
|---|---|
| Summary | Completion rates, compliance |
| Details | Individual attestations |
| Outstanding | Pending and overdue |
| History | Completed with dates |
Compliance Dashboard
View attestation metrics:
- Completion rate by template
- Overdue percentage
- Trend over time
- Department breakdown
Best Practices
Template Design
Create effective templates:
- Clear, specific language
- Appropriate length
- Relevant to the control
- Easy to understand
Request Timing
Send requests strategically:
- Start of employment
- After policy updates
- Before audits
- Annual renewal cycle
Follow-Up
Ensure completion:
- Monitor dashboards
- Send timely reminders
- Escalate overdue items
- Report completion rates
Integration
HR Systems
Integrate with HR for:
- New hire onboarding
- Role changes
- Terminations
Training Systems
Connect to LMS for:
- Training completion records
- Automatic attestation triggers
- Compliance tracking
Troubleshooting
Requests Not Received
If users don't receive requests:
- Check email addresses
- Review spam filters
- Verify user access
Cannot Complete Attestation
If users can't submit:
- Check link validity
- Verify user authentication
- Review browser compatibility
Missing Attestations
If completed attestations don't appear:
- Check submission confirmation
- Verify user identity
- Contact support
What's Next?
- Evidence Artifacts - Manage evidence files
- Evidence Bundles - Package for audits
- Evidence Gaps - Review coverage