Evidence Management
Learn how evidence works in Imara — what it is, how it is organized, and how it proves your controls are working.
What Is Evidence?
Evidence is the artifacts that demonstrate a security control is active and functioning as expected. During an audit, auditors review evidence to verify that the organization actually practices what it documents. Examples include screenshots of security configurations, system logs, tool reports, signed contracts, and training records.
Evidence Types
- Files — PDFs, images, spreadsheets, exported documents
- Screenshots — Captures of configurations, dashboards, and reports
- Automated Evidence — Collected automatically by integrations (e.g., AWS IAM active users report)
- Links — References to external documents or online resources
- Documents — Policies and procedures created inside the Imara platform
Linking Evidence to Controls
A single piece of evidence can be linked to multiple controls, which is especially useful when an artifact (such as a password policy) satisfies requirements of several different controls. To link, open the control and click Add Evidence, or access the evidence directly and select the relevant controls.
Validity and Expiration
Evidence has an expiration date. Some frameworks require evidence to be updated periodically (e.g., monthly access logs, quarterly access reviews). Imara proactively notifies you when evidence is about to expire, preventing compliance gaps.
Evidence Repository
All collected evidence is stored in a centralized repository, accessible from the Evidence section in the side menu. You can filter by type, validity status, linked control, and collection date to quickly find what you need during an audit.