Evidence Management
GLACIS supports three types of evidence to demonstrate control implementation.
Evidence Types
Attestations
Automatically captured from sidecars:
- L0/L2 attestations
- Policy scores
- Merkle proofs
- Auto-mapped to relevant controls
Documents
Uploaded files:
- PDF, DOCX, images
- Policy documents
- Audit reports
- Training materials
Links
External references:
- Monitoring dashboards
- Ticketing systems
- Code repositories
- Training platforms
Adding Evidence
1. Navigate to the control
2. Click Add Evidence
3. Select type (attestation, document, link)
4. Upload or enter details
5. Save
Auto-Evidence
Attestations from sidecars automatically:
- Flow in via webhook
- Get validated and stored
- Map to applicable controls
- Count toward compliance score
Auto-Evidence Controls
| Control | Evidence Source |
|---|---|
| A.6.2.6 | Request/response attestations |
| A.6.2.8 | Latency and error metrics |
| A.7.5 | Input validation scores |
| A.9.4 | Usage pattern analysis |
Evidence Quality
Good evidence should be:
- Relevant - Directly addresses the control
- Current - Recent and up-to-date
- Complete - Covers the full requirement
- Verifiable - Can be independently confirmed