SCF Evidence Application Overview

3 min

the solution builds the scf evidence application during installation an scf evidence record stores information about audit evidence artifacts, collection methods, and review status the application automatically populates up to 230 pre defined evidence records from the scf data based on what compliance frameworks are chosen during installation the pre defined evidence records are provided as a courtesy of swimlane but certainly do not represent the whole body of evidence in the user’s compliance program the pre defined evidence records will come with the following fields populated as read only values application field name desciption erl # evidence id is the primary key of an evidence record area of focus single select groupings of security related areas that the evidence relates to documentation artifact the name of the evidence artifact scf control mappings pre mapped scf control id artifact description description of the evidence artifact scf evidence records also have editable fields to input information about the evidence such as collection type, evidence owner, and implementation notes evidence collection types a user can import files as evidence such as pdf, excel, or word documents users can provide an external url link as evidence a user can also link turbine playbooks as evidence this would be the case if the audit evidence is contained in a turbine automation use case this is a url field where you can link a turbine playbook url if a user does not have the “orchestrator” role for the linked playbook, the url will not work users can select multiple collection types and store as much evidence as they want per one evidence record there are no hard and fast rules about what can be stored in an evidence record, it is up to the user and their organization for example user uploads five information security policies as pdf’s and also includes an external url to a confluence knowledgebase article within one evidence record evidence tracking section scf evidence records contain an “evidence tracking” section which is used to add notes about the last review of the evidence, who reviewed it, and when the evidence expiration date is finally, the evidence status field is the guiding field to indicate whether an evidence record is ready if the evidence status field is set to “ready” and also has a date populated in the evidence expiration date field, the application will automatically set the evidence status field back to “expired” if the expiration date has passed the following table lists the editable fields in the scf evidence application application field name description evidence collection type multi select field manual upload monitored in turbine external url evidence owner email email of the evidence owner in the organization evidence owner title job title of the evidence owner in the organization evidence artifacts (file upload) button to upload a file into the evidence record (used for the manual upload type) referenced playbooks multi select list of all actions in the user’s turbine environment (used for monitored in turbine type) external url hyperlink field (used for external url type) reviewed by name of the turbine user who last reviewed the evidence record evidence review date date of the last review of the evidence record evidence expiration date expiration date of the evidence evidence status single select field not started in progress ready expired implementation notes rich text box used to describe the evidence, its context, or how it is implemented