Skip to main content

Evidence and Artifacts

Learn what artifacts are, what counts as compliance evidence, and how to upload and organize documentation in episki.

Written by Jessica Donado
Updated over 2 months ago

Artifacts are the files and documents that prove your compliance. They are essential for audits and maintaining a clear audit trail.

What Counts as Evidence?

Common artifacts include:

Policies and procedures—Written documentation of how you handle compliance
Screenshots—Visual proof of configurations, settings, or controls
Audit logs—System-generated records of activities
Test results—Output from security scans, penetration tests, etc.
Certifications—Certificates from vendors or third parties
Training records—Proof of employee training completion

Where to Attach Artifacts

Artifacts can be attached in several places across episki:

Assessment Responses—Evidence showing how you meet each control
Tasks—Proof that remediation work was completed
Issues—Documentation related to findings and resolution

Uploading Artifacts

To upload an artifact:

  1. Navigate to the location where you want to attach evidence

  2. Click Add Artifact

  3. Select your file(s)

  4. Add a description (helpful for auditors)

  5. Click Upload

Best Practices

Follow these best practices to keep evidence audit-ready:

Be specific—Don’t attach huge documents without pointing to relevant sections
Date your evidence—auditors want to know when evidence was collected
Keep it organized—Use clear file names for easy retrieval
Collect continuously—Don’t wait until audit time
Use descriptions—Add context so auditors understand what they are reviewing

Did this answer your question?