Establishing evidence best practices is crucial for maintaining a strong compliance posture. Collecting, organizing, and managing evidence effectively not only ensures that you meet regulatory requirements but also simplifies audits and reduces risk. Best practices include maintaining clear documentation, centralizing storage for easy access, and verifying the accuracy and timeliness of evidence. By following these guidelines, organizations can demonstrate due diligence, streamline compliance processes, and instill confidence in auditors and stakeholders.

Screenshot Evidence

When uploading a screenshot be sure to include the following:

• URL (if applicable)
• Date Stamp (the computer generated time and date stamp)

When uploading a screenshot be aware of the following.

• A screenshot cannot be from a training document or text pasted into a document.
• When documenting a password policy do not upload a screenshot of the password policy section of the Acceptable Use policy. Instead, upload a screenshot of the password policy that governs the particular tool or application requested (when not available via integration).
• It also cannot be a screenshot from a vendor guideline document unless the vendor does not provide the ability to configure the element being tested. For example, Bitbucket password settings are unable to be configured by the Bitbucket admin.

Please reach out to support@secureframe.com with any specific questions regarding screenshot best practices!