1. Framework FAQs

How do I collate evidence for my SOC 2 Audit?

This article outlines how to collate evidence in the Adoptech portal for a SOC 2 audit to share with the Auditor.

Note that this is only required for SOC 2 certification.

Auditors need the ability to view Test result evidence and associated uploaded evidence in an easy to follow format.  Adoptech provides the ability to collate all the required evidence at the click on a button!

How to collate the evidence

1. Once you have run all your Tests and your Controls are compliant you are ready to collate your evidence to share with the Auditor.

From the Frameworks/SOC2 Controls page,

 

soc2evidence

click on the Export evidence button

2. A Right-hand side menu will appear where you enter the date range for the evidence report required.

3. After clicking on Export, you will get a confirmation that the report is being generated.

4. As the report can take some time to generate, you will get an email once it is completed and ready to download.

5. After receiving the email, the report can be found in the Data Room under the Evidence tab

6. The report will have the name format 'SOC 2 Control Evidence YYMMDD HHMMSS.zip' 

7. You can download the report  by clicking on the download icon on the RHS

Evidence report format

The evidence report is a zip file that opens into a folder structure per (in scope) Control:

  • Under each Control folder, there is a folder for each associated Check.
  • Under each Check folder, there will be a folder for each test instance that has been run in the given date range - name format 'TEST_NAME YYMMDD HHMMSS' (note the name of this folder has been limited to 50 characters)
  • In the test instance folder there will be a .pdf file providing details of the test and result along as well as a copy of any evidence that was uploaded in support of a manual test.