Getting Started with Evidence in PolicyCo
Proof is everything in compliance. In PolicyCo, we call this "Evidence"—it's simply the documentation (logs, screenshots, files) that proves you're actually doing what your policies say you do.
Quick Tip: Some folks call these "Control Tests." If that sounds more like your team, you can actually rename "Evidence" to "Control Test" in your Settings.
Who Does What?
Before you start, it helps to know who is responsible for what pieces of the puzzle:
The Author: The architect. You set up the template, name it, and decide how often evidence needs to be collected.
The Assignee: The doer. You’re the one gathering the logs or screenshots and uploading them. You'll see these tasks pop up in your "My Tasks" list.
The Reviewer: The judge. You check the uploaded work and give it a thumbs up (Approve) or thumbs down (Fail).
The MAP Author: This role is held by the reviewer. If a review fails, this person writes the "Management Action Plan" to get things back on track.
How to Set Up New Evidence
Ready to create a new collection bucket?
Go to Evidence in the left menu and click Add New (you'll need Manager or Owner permissions).
Give it a Name that makes sense, like "AWS Backup Logs".
Set the Schedule (Optional):
One-off: Leave "Define Period" unchecked if you just need a single folder for random uploads.
Recurring: Check the box if you need this Monthly, Quarterly, or Yearly. PolicyCo will automatically generate new folders for you as time goes on.
Pro Tip: Leave the "End Date" blank so the notifications keep coming indefinitely.
Making Connections: Linking to Procedures
Evidence rarely stands alone—it usually supports a specific Procedure. You can link them up in two ways, whichever feels more natural to you:
From the Evidence side: Open your Evidence Template, click the Add Procedures in the menu on the right and select the ones that apply.
From the Procedure side: While editing a Procedure, scroll to the "Evidence Template" section on the right hand menu, click to toggle Evidence on, and grab the right Evidence Template.
The Daily Workflow: Uploading & Reviewing
For the Assignee (Uploading): When it's time to prove you did the work, just go to the right folder (e.g., the "October" folder for October's tasks). You can upload a file directly or paste a link if your evidence lives somewhere else (like a cloud drive). Once you're done, hit Submit for Review. If there happens to be a need for multiple uploads, click the three dot menu next to approve to upload more!
For the Reviewer: You have three main moves when you see new evidence:
Approve: Everything looks good!
Incomplete: It's missing something. This sends it back to the Assignee's task list.
Fail Review: It’s incorrect or insufficient. This triggers a remediation process where someone has to write a formal plan (MAP) to fix the failure.
Housekeeping Notes
Color Codes: Your folders will change color to keep you on track. Purple folders are for documents that do not need approval (ie: a form you want filled out or supplemental information), Yellow means it's coming due, Red means it's due, Blue with a Check Box means complete with no Action Plan, Blue with an Exclamation Point means that the period review failed but it was corrected with an action plan, and Red with a Lock means it is past due.
Viewing & Downloading: You can view images and PDFs right inside PolicyCo. For everything else, you can download files individually or grab a whole folder at once using the menu next to the folder name.
Permanent Record: Heads up—once evidence is uploaded and the period closes, it cannot be deleted. This is to ensure you always have a solid audit trail. Evidence templates that are no longer needed simply need to select File, click Edit Period, and select an End Date.
