Evidence Bundles
Package compliance evidence for audits and reviews
bundlesauditpackagesevidence collection
Evidence Bundles
Bundle your compliance evidence into organized packages for auditors, reviewers, and stakeholders.
What Are Bundles?
Evidence bundles are curated collections of evidence artifacts organized for a specific purpose:
- Audit packages - Comprehensive evidence for external audits
- Framework bundles - All evidence for a specific framework
- Control bundles - Evidence for specific controls
- Review packages - Selected evidence for internal reviews
Creating Bundles
Start a New Bundle
- Go to Evidence > Bundles
- Click Create Bundle
- Configure bundle settings
- Add evidence
- Save bundle
Bundle Settings
| Setting | Description |
|---|---|
| Name | Bundle identifier |
| Description | Purpose and scope |
| Type | Audit, review, framework, custom |
| Framework(s) | Associated frameworks |
| Controls | Specific controls to include |
Adding Evidence
By Control
Include all evidence for selected controls:
- In bundle editor, click Add by Control
- Select framework
- Check controls to include
- All linked evidence is added
By Artifact
Select specific artifacts:
- Click Add Artifacts
- Browse or search artifacts
- Select items to include
- Add to bundle
By Type
Add evidence by type:
- Click Add by Type
- Select type (documents, screenshots, etc.)
- Filter by framework/control
- Add matching artifacts
Bundle Organization
Sections
Organize bundles into sections:
Audit Bundle - Q4 2024
├── 1. Executive Summary
├── 2. Framework Overview
├── 3. Identity & Access Controls
│ ├── MFA Configuration
│ ├── Conditional Access Policies
│ └── Role Assignments
├── 4. Data Protection Controls
└── 5. Appendices
Creating Sections
- Click Add Section
- Enter section name
- Drag artifacts into section
- Reorder as needed
Section Notes
Add context to sections:
- Click section header
- Add introductory notes
- Explain what evidence demonstrates
Bundle Templates
Using Templates
Start from pre-built templates:
- Click Create from Template
- Select template:
- SOC 2 Audit Package
- ISO 27001 Review Bundle
- CIS Assessment Bundle
- Template creates sections and control links
- Customize as needed
Creating Templates
Save your bundle as a template:
- Complete bundle configuration
- Click Save as Template
- Name and describe template
- Template available for future bundles
Bundle Review
Review Workflow
Before finalizing, review bundles:
- Completeness Check - Verify all controls have evidence
- Quality Review - Ensure evidence is appropriate
- Currency Check - Verify evidence is current
- Gap Identification - Find missing items
Completeness Report
Generate a completeness report:
- Open bundle
- Click Review > Completeness
- See coverage by control
- Identify gaps
Evidence Gaps
If controls lack evidence:
- Highlighted in review
- Link to gap resolution
- Can upload directly
- Or mark as acknowledged gap
Exporting Bundles
Export Options
| Format | Description |
|---|---|
| ZIP Archive | All evidence files organized |
| PDF Document | Formatted bundle document |
| Index + Files | Spreadsheet index with file references |
ZIP Export
Creates a ZIP file with:
bundle-export/
├── index.xlsx # Evidence index
├── 01-executive-summary/
│ └── summary.pdf
├── 02-framework/
│ ├── control-1.json
│ └── control-2.pdf
└── 03-appendices/
└── supporting-docs/
PDF Export
Creates a single PDF with:
- Table of contents
- Section organization
- Embedded evidence (images, text)
- Links to external files
Index Export
Creates a spreadsheet with:
- Control mapping
- Evidence descriptions
- File locations
- Status indicators
Sharing Bundles
Generate Share Link
Share bundles with external parties:
- Open bundle
- Click Share
- Configure:
- Expiration date
- Password protection
- Download permissions
- Copy share link
Share Options
| Option | Description |
|---|---|
| Expiration | Link validity period |
| Password | Require password to access |
| View Only | Prevent downloads |
| Track Access | Log who views |
Share links provide access to potentially sensitive evidence. Use appropriate security controls.
Email Bundle
Send bundle directly:
- Click Share > Email
- Enter recipient addresses
- Add message
- Choose attachment or link
- Send
Bundle Management
Bundle Status
| Status | Meaning |
|---|---|
| Draft | Work in progress |
| Under Review | Being reviewed |
| Approved | Ready for use |
| Shared | Distributed externally |
| Archived | No longer active |
Version History
Track bundle changes:
- View modification history
- See who made changes
- Restore previous versions
Archiving Bundles
Archive completed bundles:
- Open bundle
- Click Archive
- Bundle moves to archive
- Still accessible, not in active list
Best Practices
Before an Audit
- Create bundle well in advance
- Run completeness check
- Address all gaps
- Have internal review
- Generate final export
Organization
- Use consistent naming
- Organize by control/theme
- Include context notes
- Maintain section order
Quality
- Include only relevant evidence
- Ensure evidence is current
- Add explanatory notes
- Remove duplicates
Troubleshooting
Large Bundle Export
If export fails for large bundles:
- Export sections separately
- Use ZIP format (smaller)
- Contact support for large files
Missing Evidence
If evidence doesn't appear in bundle:
- Verify artifact is linked to control
- Check artifact status (active)
- Refresh bundle
Share Link Issues
If recipients can't access:
- Verify link hasn't expired
- Confirm password is correct
- Check for firewall blocks
What's Next?
- Evidence Artifacts - Manage evidence
- Evidence Gaps - Ensure complete coverage
- Generating Reports - Create formal reports