Evidence Catalogue

Evidence types required to demonstrate control implementation and compliance.

Evidence-Based Compliance

ECGF controls require specific evidence types to demonstrate implementation. This catalogue shows the 288 evidence items mapped across all controls.

288
Total Evidence Items
10
Evidence Categories
80
Controls Requiring Evidence

Evidence Categories

📝

Procedures

113 items

Operational procedures and work instructions

📋

Policies

51 items

Security policies, standards, and governance documents

📈

Reports

28 items

Management reports, metrics, and KPIs

⚙️

Configurations

26 items

System and application configuration files

📊

Logs

23 items

System logs, access logs, and audit trails

🔍

Audits

16 items

Audit reports and assessment findings

📁

Registers

16 items

Asset registers, risk registers, and inventories

🤝

Agreements

6 items

Contracts, SLAs, and third-party agreements

🎓

Training

5 items

Training records and awareness materials

📅

Plans

4 items

Incident response, business continuity, and project plans

About Evidence Types

Each ECGF control specifies the evidence types needed to demonstrate implementation. Evidence requirements vary by control complexity and risk level.

Organizations can provide alternative evidence types with proper justification, as long as they demonstrate effective control implementation.

View detailed evidence requirements for each control in the GitHub repository.

View Evidence Requirements