Audit Evidence Tracker

Centralize artifacts auditors will request: policies, screenshots, exports, attestations, and test results.

Missing

4

Requested

2

Collected

2

Reviewed

1

Accepted

0

Status

ID	Evidence	Control Area	NIST	Owner	Status	Collected	Actions
E-001	MFA policy screenshot Screenshot of Okta MFA enforcement policy applied to all users. Note: Pending review by audit lead.	Identity & Access Management	Protect	Priya Shah		1969-12-22
E-002	Quarterly access review report Q1 access review attestations for privileged systems. Note: Process not yet implemented.	Access Management	Protect	Marcus Lee		—
E-003	Security awareness training completion report KnowBe4 completion export for the prior quarter. Note: Vendor onboarding in progress.	Awareness & Training	Protect	Sam Okafor		—
E-004	Backup restore test results Documented results from the latest restore exercise. Note: No tests performed in last 12 months.	Resilience	Recover	Jordan Reyes		—
E-005	Incident response plan Approved IR plan with roles, severities, and escalation paths. Note: Draft in progress.	Incident Response	Respond	Jordan Reyes		—
E-006	Vendor assessment form Vendor security assessment for top 10 critical vendors. Note: Awaiting responses from 4 vendors.	Third-Party Risk	Govern	Elena Volkov		—
E-007	Asset inventory export Consolidated hardware and software inventory. Note: Reconciliation underway.	Asset Management	Identify	Marcus Lee		1969-12-29
E-008	SIEM detection coverage Detection rule inventory and recent alert triage notes. Note: SIEM not yet centralized.	Logging & Monitoring	Detect	Priya Shah		—
E-009	Approved security policy set Board-approved information security policies. Note: Final approval pending.	Governance	Govern	Jordan Reyes		1969-12-02