Evidence Collection
Collect once. Prove everywhere.
50+ automated evidence collectors pull compliance evidence from Okta, Jira, Entra ID, Splunk, AWS, Azure, and more. Evidence freshness scoring ensures nothing goes stale. Review workflows with approval chains maintain audit-grade quality.
What you get
50+ Automated Collectors
Pre-built evidence collectors connect to identity providers (Okta, Entra ID), cloud platforms (AWS, Azure, GCP), project management (Jira, Linear), SIEM (Splunk, Sentinel), HR systems, and more. Each collector extracts specific evidence artefacts — MFA enrollment reports, vulnerability scan results, change management logs — without manual intervention.
Evidence Freshness Scoring
Every piece of evidence is scored for freshness based on configurable validity windows. A penetration test report is valid for 12 months, a vulnerability scan for 30 days, and an access review for 90 days. Approaching-expiry and expired evidence surfaces in dashboards and triggers re-collection workflows automatically.
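The following Python snippet is an added illustration of the freshness scoring described above; it is not FortisEU's code. It uses the validity windows the page states (the 12-month pen-test window is taken as 365 days), and the 20% warning margin, the evidence model and the sample artefacts are assumptions constructed for the example.

```python
"""Evidence freshness scoring (added example, not FortisEU's own code).

Model assumed here: each evidence type has a validity window; an artefact's
freshness score is the share of that window still remaining, and it is
flagged as approaching expiry once fewer than WARNING_FRACTION remains.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Validity windows as stated on the page (12 months taken as 365 days)
VALIDITY_WINDOWS = {
    "penetration_test_report": timedelta(days=365),
    "vulnerability_scan": timedelta(days=30),
    "access_review": timedelta(days=90),
}

# Hypothetical warning margin: warn once fewer than 20% of the window remains
WARNING_FRACTION = 0.20


@dataclass(frozen=True)
class Evidence:
    evidence_id: str
    evidence_type: str
    collected_at: datetime  # timezone-aware UTC timestamp of the collection run


def freshness_score(ev: Evidence, now: datetime) -> float:
    """Remaining share of the validity window, clamped to [0.0, 1.0].

    A future collected_at (clock skew) clamps to 1.0 rather than exceeding it;
    an unknown evidence type is an error rather than silently 'fresh'.
    """
    try:
        window = VALIDITY_WINDOWS[ev.evidence_type]
    except KeyError:
        raise ValueError(f"no validity window configured for {ev.evidence_type!r}")
    age = now - ev.collected_at
    remaining = (window - age) / window  # timedelta / timedelta -> float
    return max(0.0, min(1.0, remaining))


def freshness_status(ev: Evidence, now: datetime) -> str:
    """Classify as 'fresh', 'approaching_expiry' or 'expired'."""
    score = freshness_score(ev, now)
    if score <= 0.0:
        return "expired"
    if score < WARNING_FRACTION:
        return "approaching_expiry"
    return "fresh"


def evidence_needing_recollection(items, now: datetime):
    """IDs of artefacts that should trigger a re-collection workflow."""
    return [ev.evidence_id for ev in items if freshness_status(ev, now) != "fresh"]


# Constructed sample data: one artefact per validity window
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Evidence("ev-001", "penetration_test_report", NOW - timedelta(days=200)),
    Evidence("ev-002", "vulnerability_scan", NOW - timedelta(days=27)),
    Evidence("ev-003", "access_review", NOW - timedelta(days=95)),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(ev.evidence_id, ev.evidence_type,
              f"{freshness_score(ev, NOW):.2f}", freshness_status(ev, NOW))
    print("re-collect:", evidence_needing_recollection(SAMPLE, NOW))
```

The score is a ratio rather than a raw day count so that a dashboard can compare a 30-day scan and a 12-month pen-test report on the same scale; a scan with three days left and a pen-test report with 36 days left both sit at 0.10 and both surface as approaching expiry.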
Review and Approval Workflows
Collected evidence passes through configurable review and approval chains before being marked as audit-ready. Reviewers validate that evidence genuinely demonstrates control effectiveness, not just control existence. Approval history is immutably logged for audit trail purposes.
Cross-Framework Evidence Tagging
Each evidence artefact is tagged to every framework requirement it satisfies. A single access review report can simultaneously serve as evidence for NIS2 Article 21(2)(i), DORA Article 9(4)(c), ISO 27001 A.9.2.5, and SOC 2 CC6.1 — eliminating duplicate collection for overlapping requirements.
Version-Controlled Evidence Library
All evidence is stored in a version-controlled library with full audit trail. Previous versions are retained and accessible, enabling auditors to review evidence history and track how control implementations have evolved over time. SHA-256 hashing ensures evidence integrity.
Scheduled Collection Runs
Configure automated collection schedules — daily for high-frequency evidence like access logs, weekly for vulnerability scans, monthly for policy attestations, and annually for certifications. Schedules align to regulatory reporting cycles and audit windows to ensure evidence is always current when needed.
How it works
Connect Integrations
Connect your identity providers, cloud platforms, project management tools, and security infrastructure using pre-built integrations. OAuth-based connections require minimal configuration and no agent installation.
Configure Collectors
Select which evidence artefacts to collect from each connected system and set collection schedules. FortisEU suggests optimal collector configurations based on your selected frameworks and identified gaps.
Auto-Collect
Collectors run on schedule, pulling fresh evidence from connected systems. Each collection run is logged with timestamps, source metadata, and integrity hashes. Failed collections trigger alerts and retry logic.
Review & Approve
Evidence enters the review workflow where designated reviewers validate quality and relevance. Approved evidence is tagged to framework requirements and reflected in compliance scores. Rejected evidence triggers remediation tasks.
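As an added example covering the Auto-Collect step above and the version-controlled, SHA-256-hashed evidence library described earlier, the Python below models one collection run end to end: attempts with retry, a log entry per attempt, an alert on final failure, and an append-only store that keeps every version with its hash so integrity can be re-checked later. It is not FortisEU's code; the collector interface, the in-memory library, the three-attempt retry policy and the sample source systems are all assumptions.

```python
"""Collection run with retry, integrity hashing and versioned storage.

Added example, not FortisEU's own code. Everything here (the collector
callable, the in-memory library, the retry policy) is an assumption.
"""
import hashlib
import json
from datetime import datetime, timezone


class CollectionError(Exception):
    """Raised by a collector when the source system cannot be read."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class EvidenceLibrary:
    """Append-only store: a new collection never overwrites a prior version."""

    def __init__(self):
        self._versions = {}  # evidence_id -> list of version records
        self.run_log = []    # one entry per collection attempt
        self.alerts = []     # raised when a collector exhausts its retries

    def store(self, evidence_id, content: bytes, source: dict, collected_at: datetime):
        versions = self._versions.setdefault(evidence_id, [])
        record = {
            "version": len(versions) + 1,
            "collected_at": collected_at.isoformat(),
            "source": dict(source),
            "sha256": sha256_hex(content),
            "content": content,
        }
        versions.append(record)
        return record

    def history(self, evidence_id):
        """(version, sha256) pairs, oldest first; empty if never collected."""
        return [(v["version"], v["sha256"]) for v in self._versions.get(evidence_id, [])]

    def latest(self, evidence_id):
        return self._versions[evidence_id][-1]

    def verify(self, evidence_id, version: int) -> bool:
        """Recompute the hash of a stored version and compare to the recorded one."""
        rec = self._versions[evidence_id][version - 1]
        return sha256_hex(rec["content"]) == rec["sha256"]


def run_collector(library, evidence_id, collector, source, max_attempts=3, now=None):
    """Call collector() up to max_attempts times, logging each attempt.

    On success the artefact is stored as a new version and its hash logged;
    if every attempt fails an alert is recorded and None is returned.
    """
    now = now or datetime.now(timezone.utc)
    for attempt in range(1, max_attempts + 1):
        try:
            content = collector()
        except CollectionError as exc:
            library.run_log.append({"evidence_id": evidence_id, "attempt": attempt,
                                    "status": "failed", "error": str(exc)})
            continue
        record = library.store(evidence_id, content, source, now)
        library.run_log.append({"evidence_id": evidence_id, "attempt": attempt,
                                "status": "ok", "sha256": record["sha256"]})
        return record
    library.alerts.append(f"{evidence_id}: collection failed after {max_attempts} attempts")
    return None


def demo():
    """Constructed scenario: a flaky source, a changed report, a dead source."""
    lib = EvidenceLibrary()
    source = {"system": "example-idp", "report": "mfa_enrollment"}  # constructed metadata
    calls = {"n": 0}

    def flaky_collector():
        calls["n"] += 1
        if calls["n"] == 1:  # first attempt fails, second succeeds
            raise CollectionError("HTTP 503 from source")
        return json.dumps({"enrolled": 180, "total": 200}).encode()

    run_collector(lib, "mfa-report", flaky_collector, source,
                  now=datetime(2024, 6, 1, tzinfo=timezone.utc))
    # A week later the report has changed: stored as version 2, version 1 retained
    run_collector(lib, "mfa-report",
                  lambda: json.dumps({"enrolled": 195, "total": 200}).encode(),
                  source, now=datetime(2024, 6, 8, tzinfo=timezone.utc))

    def broken_collector():
        raise CollectionError("credentials revoked")

    run_collector(lib, "vuln-scan", broken_collector, {"system": "example-scanner"})
    return lib


if __name__ == "__main__":
    lib = demo()
    print("history:", lib.history("mfa-report"))
    print("alerts:", lib.alerts)
```

The hash is computed from the raw bytes at collection time and stored beside the content, so an auditor sampling version 1 months later can re-run verify() and see whether the artefact still matches what the collector originally pulled; a tampered or corrupted version fails that check rather than silently passing review.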
Built for your team
Daily Evidence Management
The compliance officer reviews the evidence dashboard each morning to see 12 pieces of evidence auto-collected overnight from Okta, AWS, and Jira. Three items need manual review — a new penetration test report, an updated BCP document, and a vendor assessment response. After approving each, the NIS2 compliance score updates from 71% to 76%.
Integration Setup and Maintenance
The IT manager connects 8 enterprise systems to FortisEU over two days using OAuth-based integrations. They configure collectors for MFA enrollment data from Entra ID, vulnerability scan results from Qualys, and change management records from Jira. Once configured, evidence flows automatically without ongoing IT involvement.
Evidence Verification and Sampling
An external auditor uses the evidence library to sample 25 control evidence items for ISO 27001 surveillance. Each item shows collection timestamp, source system, integrity hash, review history, and the specific control requirement it satisfies. The version history reveals how control implementations have matured since the previous audit cycle.
Supports your compliance stack
Common questions
What systems and integrations does FortisEU support for evidence collection?
FortisEU provides 50+ pre-built evidence collectors across identity providers (Okta, Entra ID, Google Workspace), cloud platforms (AWS, Azure, GCP), project management (Jira, Linear, Asana), SIEM and security (Splunk, Sentinel, CrowdStrike), HR systems (BambooHR, Personio), and code repositories (GitHub, GitLab). Custom collectors can be built using the collector SDK for proprietary or unsupported systems. New integrations are released monthly based on customer demand.
How frequently is evidence collected?
Collection frequency is configurable per collector and evidence type. High-frequency evidence like access logs and security events can be collected daily, vulnerability scan results weekly, policy attestations monthly, and certifications annually. Schedules align to the validity windows defined in your compliance programme — a control requiring quarterly evidence review triggers collection every 90 days. On-demand collection can be triggered at any time for ad hoc audit requests.
How does evidence tagging work across multiple frameworks?
FortisEU maintains a canonical evidence taxonomy that maps each evidence artefact to every framework requirement it satisfies. When a collector pulls an MFA enrollment report from Okta, the platform automatically tags it to NIS2 Article 21(2)(j) multi-factor authentication, DORA Article 9(4)(d) strong authentication, ISO 27001 A.8.5 secure authentication, and SOC 2 CC6.1 logical access controls. This cross-tagging means a single collection satisfies multiple audit requirements without duplicate work.
Can we upload evidence manually for controls without automated collectors?
Yes. Manual evidence upload supports any file format including PDF, Word, Excel, images, and screenshots. Uploaded evidence goes through the same review and approval workflow as automated evidence. Manual uploads are tagged with the uploader's identity and timestamp. FortisEU recommends automating collection wherever possible but recognises that some evidence types — board meeting minutes, signed policies, physical security photos — require manual upload.
What evidence retention policies does FortisEU enforce?
Evidence retention is configurable per tenant and aligns to regulatory requirements. GDPR Article 5(1)(e) storage limitation principles are respected — evidence containing personal data is retained only as long as necessary for the compliance purpose. Default retention is 7 years for financial services (DORA requirement), 5 years for general compliance, and custom periods for specific evidence types. Expired evidence is archived and eventually purged according to the configured retention schedule, with full audit trail of the lifecycle.
Related features
Compliance Automation
Map once. Comply everywhere.
Learn more
Questionnaire Automation
Answer security questionnaires in minutes, not weeks.
Learn more
Access Reviews
Prove who has access to what. Continuously.
Learn more
Incident Management
From detection to regulatory report. Every deadline tracked.
Learn more
See Evidence Collection in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.