How to Map Evidence, IRL, “Provided by Client” Lists
Evidence records can be associated to one or more internal controls in the C1Risk platform and are used to provide the documentation / evidence required by auditors to validate that the implementation of your compliance controls (internal controls) and compliance with the relevant regulatory requirement or standard.
For external audits, your auditor should provide a list of required documents and data to provide during audit. This list is often referred to as your IRL (Information Request List) or PBC List (Provided by Client). This list is also included in your SOC 2 Type 2 reports, along with the internal controls used to implement your SOC 2 Type 2 Certification. For more information on how/where to find your evidence list, contact C1Risk: Submit a ticket : C1Risk Training Portal (freshdesk.com)
Evidence Collection / Continuous Monitoring
Bulk Import Your Evidence Requirements to C1Risk using a .CSV template, or by providing your report to support. Submit a ticket here: Submit a ticket : C1Risk Training Portal (freshdesk.com) or use the attached template.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article