Collecting and uploading manual evidence
Written by Fabiola Munguia
Updated over 5 months ago

Providing auditors with evidence that your ISMS is effectively implemented and operating as intended is crucial. To make this process easier, you can add manual evidence directly into Secfix. This feature consolidates a list of common evidence requirements that auditors typically ask for during the audit process.


What is manual evidence and why do you need it?


Manual evidence

Manual Evidence can be found in the Monitoring section of Secfix.

The list of all required evidence is grouped into Employee, Engineering, Policy and Risks sections.

By going through each manual task, you'll be able to either Add evidence (manual upload from the computer or attach a link) or Mark the task as not applicable.

You'll be notified when the document needs to be updated and the past versions will be saved in Past evidence.


Practical advice

Here are a few best practices regarding manual evidence during the audit process.

Use Standard chapters to guide you through the audit

If the auditor asks for evidence of a specific standard chapter, you can refer to the information you have in the manual evidence feature. Each piece of evidence is assigned to its own standard chapter, and you can check that information by clicking on the evidence and hovering your mouse over the desired standard.

Consolidate all evidence in one place on the web

You don't want to stress out during an audit because you can't find specific evidence, right? This is definitely a golden rule if your documents are scattered all over the place. To fix this, create an evidence folder on your cloud storage provider (OneDrive, Google Drive, Dropbox) and add all of your evidence documents there.

Once the documents are uploaded to this folder, name them according to the evidence name and use their unique URLs to add them to Secfix. This will allow you to better manage your documents and replace them whenever new versions pop up.

Screenshots of calendar events and of your ticketing system should do the trick

Auditors don't always need to see a fully working process in detail during the first audit stages. If you're a newcomer, you should be fine if you're using basic screenshots that depict ISMS-related meetings or processes taking place (from your calendar or a ticketing system).
