
Manual Evidence Upload

For systems without live connectors, upload evidence manually. Supported formats: PDF, DOCX, CSV, XLSX, JSON, PNG, JPG. Evidence is stored in the compliance repository and linked to controls.

How to Upload

  1. Go to Compliance → Evidence → + Upload Evidence
  2. Select System: Which AI system is this for?
    • ChatGPT Integration
    • Internal LLM Service
    • Claude API
    • etc.
  3. Select Control: Which requirement does this address?
    • SOC 2: CC6.1 (Access Control)
    • ISO 42001: 4.3 (Risk Management)
    • EU AI Act: Article 8 (Risk Management)
    • etc.
  4. Evidence Type: Category
    • Documentation (policy, procedure)
    • Audit Log (screenshots, exports)
    • Test Results (run output, pass/fail)
    • Attestation (signed statement)
    • Recording (video proof)
    • Other
  5. Upload Files:
    • Click Choose Files or drag & drop
    • Supports: PDF, DOCX, XLSX, CSV, JSON, PNG, JPG, MP4
    • Max: 10MB per file, 5 files per upload
  6. Add Description:
    Title: "PII Masking Test Results - March 2025"
    Notes: "Test run showing 100% masking of SSN patterns.
    All 50 test cases passed. Configuration: confidence_threshold=0.85"
    Date Collected: Mar 15, 2025
    Expiration: Mar 15, 2026
  7. Add Tags (optional):
    • SOC 2
    • GDPR Compliance
    • PII Protection
    • etc.
  8. Click Save

The evidence is now linked to the control and appears in scan results and the evidence dashboard.

Evidence Types Explained

Documentation

  • Policies, procedures, guidelines
  • Configuration files, templates
  • Architecture diagrams
  • Process flowcharts

Example:

File: PII-Masking-Policy-v1.2.pdf
Proves: Your organization has a documented PII masking policy
Status: Accepted
Expiration: Mar 15, 2026

Audit Log

  • Screenshots of logs/dashboards
  • Exported data (CSV, JSON)
  • Log files
  • Access records

Example:

File: firewall-audit-march-2025.csv
Contains: 2,847 firewall events
Proves: Complete audit trail of governance decisions

Test Results

  • Test execution reports
  • Pass/fail results
  • Coverage metrics
  • Performance data

Example:

File: policy-validation-results.json
Tests Passed: 47/47
Proves: All policies have been tested and validated

Attestation

  • Signed statements from responsible party
  • Management certification
  • Third-party verification
  • Audit sign-offs

Example:

File: Attestation-PII-Controls.pdf
Signed by: John Smith, CISO
Date: Mar 15, 2025
Statement: "I certify that PII controls are properly implemented
and monitored across our AI systems."

Recording

  • Video walkthroughs
  • Screen recordings of controls
  • Demonstrations

Example:

File: firewall-demo.mp4
Duration: 3 minutes
Shows: Live Firewall blocking PII attempt

Bulk Upload

Upload multiple pieces of evidence at once:

  1. Go to Compliance → Evidence → Bulk Upload
  2. Download template CSV:
    system,control,evidence_type,file_path,description,expiration_date
    ChatGPT,SOC2-CC6.1,documentation,./policies/access-control.pdf,"Access control policy",2026-03-15
    ChatGPT,ISO-42001-4.3,audit_log,./logs/firewall-events.csv,"March audit events",2026-03-15
  3. Fill in your evidence details
  4. Upload template
  5. Select files from computer
  6. Click Upload All

All evidence is processed and linked automatically.
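
A pre-upload check for the bulk manifest, added here as an example and not part of the product's own tooling: it validates each row against the file formats and 10 MB per-file limit listed in the upload steps, rejects paths that leave the evidence folder, and records a SHA-256 per file for your own records. The function name, the snake_case evidence type names beyond `documentation` and `audit_log`, and the sample rows are assumptions.

```python
import csv
import hashlib
from datetime import date
from pathlib import Path

COLUMNS = ["system", "control", "evidence_type", "file_path", "description", "expiration_date"]
# Formats and per-file limit as listed in the upload steps on this page.
ALLOWED_EXT = {".pdf", ".docx", ".xlsx", ".csv", ".json", ".png", ".jpg", ".mp4"}
MAX_BYTES = 10 * 1024 * 1024
# Assumption: snake_case type names; only the first two appear in the page's template.
EVIDENCE_TYPES = {"documentation", "audit_log", "test_results", "attestation", "recording", "other"}
# Constructed sample: line 3 has a misspelled type and a path outside the evidence folder.
SAMPLE = """system,control,evidence_type,file_path,description,expiration_date
ChatGPT,SOC2-CC6.1,documentation,policies/access-control.pdf,Access control policy,2026-03-15
ChatGPT,ISO-42001-4.3,auditlog,../outside/notes.csv,March audit events,2026-03-15"""


def validate_manifest(text, base_dir, today):
    """Return (ok_rows, errors); ok_rows gain a SHA-256 of each file for your own records."""
    base = Path(base_dir).resolve()
    reader = csv.DictReader(text.splitlines())
    if reader.fieldnames != COLUMNS:
        return [], [f"line 1: header must be {','.join(COLUMNS)}"]
    ok_rows, errors = [], []
    for n, row in enumerate(reader, start=2):  # line 1 is the header
        if None in row or None in row.values():
            errors.append(f"line {n}: wrong number of fields")
            continue
        problems = []
        if row["evidence_type"] not in EVIDENCE_TYPES:
            problems.append(f"unknown evidence_type {row['evidence_type']!r}")
        try:
            if date.fromisoformat(row["expiration_date"]) <= today:
                problems.append("expiration_date is not in the future")
        except ValueError:
            problems.append("expiration_date is not YYYY-MM-DD")
        path = (base / row["file_path"]).resolve()
        if not path.is_relative_to(base):
            problems.append("file_path escapes the evidence folder")
        elif path.suffix.lower() not in ALLOWED_EXT:
            problems.append(f"unsupported extension {path.suffix!r}")
        elif not path.is_file():
            problems.append("file not found")
        elif path.stat().st_size > MAX_BYTES:
            problems.append("file exceeds 10 MB")
        if problems:
            errors.append(f"line {n}: " + "; ".join(problems))
        else:
            ok_rows.append({**row, "sha256": hashlib.sha256(path.read_bytes()).hexdigest()})
    return ok_rows, errors
```

Call it with the manifest text, the folder the `file_path` values are relative to, and today's date; upload only when the error list is empty.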

Evidence Expiration

Evidence expires after a set period and must then be renewed:

Evidence: PII Masking Test Results
Expiration: Mar 15, 2026
Status: Expires in 90 days
To renew:
1. Collect fresh evidence (new tests)
2. Upload with same control
3. Old evidence automatically archived
4. New evidence becomes "current"

Configure default expiration:

  • Settings → Compliance → Evidence Settings
  • Default expiration: 1 year (365 days)
  • Can override per upload

Finding & Organizing Evidence

Evidence Dashboard

  1. Go to Compliance → Evidence
  2. See all uploaded evidence by:
    • Control: Group by SOC 2, ISO 42001, etc.
    • Status: Current, Expired, Pending Review
    • Age: Recently uploaded, upcoming expiration
  3. Click any piece to view details, download, or delete

Search filters:
- System: "ChatGPT", "Internal LLM", etc.
- Control: "SOC 2", "GDPR", "ISO 42001"
- Type: "Documentation", "Audit Log", etc.
- Status: "Current", "Expired", "Pending"
- Date Range: Custom date picker

Best Practices

  1. Collect Throughout Year: Don’t wait until audit time
  2. Label Clearly: Titles and descriptions should be self-explanatory
  3. Include Dates: When collected, valid through when
  4. Organize by Control: Link to specific requirement being proven
  5. Keep Originals: Store original files for audit trail
  6. Attestations: Get signed statements from responsible parties
  7. Test Results: Include test conditions and results
  8. Logs: Export full logs with timestamps