Glossary

Evidence

A file or link that proves a security control or audit requirement has been met. It can be collected automatically, uploaded manually, or generated through workflows or policies.

Automated Evidence

Evidence collected by Sprinto’s system via integrations and monitoring. It is read-only and cannot be edited.

Workflow Evidence

Evidence generated through checks run on connected platforms like AWS, Google Workspace, or GitHub. This type is also read-only.

Evidence Requested

Evidence submitted by users in response to a request created through the Sprinto dashboard. It can be uploaded, reviewed, and archived.

Uploaded Evidence

Manually added evidence files or links. This is the most flexible evidence type and supports metadata, control mapping, version history, and archiving.

Policy Evidence

Evidence automatically generated when a policy is uploaded, approved, or published in Sprinto. It is read-only.

Evidence Group

A label or category used to logically group related evidences (e.g. by audit event, department, or framework).

Evidence Identifier

A unique, auto-generated code (e.g. EVD-001) assigned to each uploaded evidence file.

Evidence Collected Date

The date the evidence was originally generated or obtained. This can be edited manually.

Custom Fields

User-defined metadata fields (e.g. Department, Expiry Date, Type) that help organise and filter evidences.

Version History

A log of all updates made to a given evidence item, showing previous versions and timestamps.

Review Required

A setting that, when enabled, allows a reviewer to approve or request changes to an evidence file.

Archived Evidence

Evidence that has been removed from audit visibility but remains linked to controls. It cannot be edited or updated.

Associated Controls

The specific security or compliance controls that an evidence item is mapped to.

Audit Requirement

A specific checklist item in an audit that requires proof of compliance, often fulfilled by attaching evidence.