Automated vs Manual Evidence
Automated evidence is collected by LowerPlane from your connected integrations without manual intervention. This is the fastest way to build your evidence library and maintain continuous compliance.
How it works:
- You connect an integration (AWS, Okta, GitHub, etc.)
- LowerPlane syncs data from the integration on a scheduled basis
- Collected data is processed, categorized, and mapped to relevant controls
- Evidence artifacts are stored securely and linked to controls across all applicable frameworks
- Your compliance dashboard updates automatically
Examples of automated evidence:
- AWS encryption-at-rest configuration from AWS Config
- MFA enrollment status from Okta
- Branch protection rules from GitHub
- User access lists from Google Workspace
- Vulnerability scan results from Snyk
Evidence Types
LowerPlane supports a wide range of evidence formats:

| Type | Description | Examples |
|---|---|---|
| Screenshots | Visual proof of configurations or settings | Cloud console settings, security configurations |
| Documents | PDF, DOCX, or other document files | Signed policies, audit reports, certifications |
| API Data | Structured data pulled from integrations | User lists, configuration exports, scan results |
| Logs | System or audit log exports | Access logs, change management logs, incident logs |
| Reports | Generated reports from tools or LowerPlane | Vulnerability reports, compliance assessments |
| Links | URLs to external evidence | Google Drive documents, Confluence pages |
How Automated Collection Works
The automated evidence collection pipeline follows a structured flow:
Integration Connection
You connect an integration by providing OAuth credentials or API keys. LowerPlane verifies the connection and saves the configuration securely.
Initial Sync
An initial sync job is queued to collect all available evidence from the integration. This runs as a background process and may take several minutes depending on the volume of data.
Data Processing
Collected data is processed by LowerPlane’s worker infrastructure. The system categorizes evidence, extracts relevant metadata, and determines which controls and frameworks it applies to.
Storage and Mapping
Processed evidence is stored securely (files in encrypted object storage, metadata in the database). Each artifact is mapped to relevant controls with multi-framework tags.
You can view the status of all collection runs under Integrations > Sync History. Each run shows the number of artifacts collected, any errors encountered, and the controls that were updated.
Evidence Validity and Expiration
Evidence has a limited lifespan. A screenshot of a security configuration taken six months ago may not reflect the current state of your systems. LowerPlane tracks evidence validity to ensure your compliance posture remains current.
Validity Periods
- Automated evidence - Refreshed automatically on each sync cycle. Validity is tied to the sync schedule of the integration.
- Manual evidence - You set the validity period when uploading. Common periods are 30, 60, 90, or 365 days.
- Policies and documents - Validity is typically tied to the policy review cycle (annually).
Expiration Notifications
When evidence is approaching expiration, LowerPlane:
- Displays a warning icon on the evidence item and any linked controls
- Sends email notifications to the evidence owner and control owners
- Updates the compliance dashboard to reflect the upcoming gap
- Surfaces the item in the Upcoming Deadlines section of the dashboard
Multi-Framework Tagging
Every evidence artifact in LowerPlane can be tagged with multiple frameworks. This is a key feature that eliminates the need to collect the same evidence multiple times for different frameworks.
How Tagging Works
When evidence is collected or uploaded:
- LowerPlane identifies which controls the evidence applies to
- Each control’s framework mappings are checked
- The evidence is automatically tagged with all applicable frameworks
- A single upload can satisfy requirements in multiple frameworks simultaneously
Managing Tags
You can view and edit framework tags on any evidence artifact:
- Open the evidence detail view
- The Frameworks section shows all tagged frameworks
- Click Edit Tags to add or remove framework tags manually
- Linked controls update automatically when tags change
Organizing Evidence
Searching and Filtering
The evidence library supports:
- Full-text search across evidence titles, descriptions, and tags
- Framework filter to view evidence for a specific framework
- Type filter to show only screenshots, documents, API data, etc.
- Status filter to find expired, expiring soon, or current evidence
- Control filter to see all evidence linked to a specific control
Evidence Vault
All evidence is stored in a centralized vault accessible from Compliance > Evidence. The vault provides:
- A complete inventory of all collected and uploaded evidence
- Download capability for audit package preparation
- Audit trail showing when evidence was collected, by whom, and any modifications
Best Practices
Prioritize automated collection
Connect integrations before manually collecting evidence. Automated collection is more reliable, stays current automatically, and scales across your organization without additional effort.
Set realistic validity periods
For manual evidence, choose validity periods that match your actual review cycles. Setting a 365-day validity on a configuration screenshot that changes monthly creates false confidence.
Review evidence before audits
Before an audit, filter for expired or soon-to-expire evidence and refresh it. An auditor will flag stale evidence even if the underlying control is still implemented.
Use descriptive titles and notes
When uploading manual evidence, provide clear titles and detailed notes. An auditor reviewing “screenshot_2024.png” will have more questions than one reviewing “AWS S3 encryption configuration - all buckets - Jan 2024.”