Solutions and Applications
Compliance Audit Readiness (CA...
SCF Evidence Application Overview
the solution builds the scf evidence application during installation an scf evidence record stores information about audit evidence artifacts, collection methods, and review status the application automatically populates up to 230 pre defined evidence records from the scf data based on what compliance frameworks are chosen during installation the pre defined evidence records are provided as a courtesy of swimlane but certainly do not represent the whole body of evidence in the user’s compliance program the pre defined evidence records will come with the following fields populated as read only values true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type scf evidence records also have editable fields to input information about the evidence such as collection type, evidence owner, and implementation notes evidence collection types a user can import files as evidence such as pdf, excel, or word documents users can provide an external url link as evidence a user can also link turbine playbooks as evidence this would be the case if the audit evidence is contained in a turbine automation use case this is a url field where you can link a turbine playbook url if a user does not have the “orchestrator” role for the linked playbook, the url will not work users can select multiple collection types and store as much evidence as they want per one evidence record there are no hard and fast rules about what can be stored in an evidence record, it is up to the user and their organization for example user uploads five information security policies as pdf’s and also includes an external url to a confluence knowledgebase article within one evidence record evidence tracking section scf evidence records contain an “evidence tracking” section which is used to add notes about the last review of the evidence, who reviewed it, and when the evidence expiration date is finally, the evidence status field is the guiding field to indicate whether an evidence record is ready if the evidence status field is set to “ready” and also has a date populated in the evidence expiration date field, the application will automatically set the evidence status field back to “expired” if the expiration date has passed the following table lists the editable fields in the scf evidence application true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type