Skip to main content

Create Evidence

Add and manage evidence in Drata's Evidence Library to support control readiness and audit preparation.

⚠️ Select your experience

The steps depend on your interface version. Select a link to skip to the instructions for your version.

Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.

Instructions for the New Experience ⬇️

Adding relevant, up-to-date evidence helps keep controls ready and prevents audit gaps. Always ensure uploaded artifacts directly support the controls they're mapped to. Outdated or incorrect evidence can negatively impact control readiness.

You can upload evidence directly from your computer or from a connected cloud storage provider.

Supported File Types

  • Local file

    • Supported file types include: CSV, DOCX, GIF, HTML, JPEG, JSON, LOG, MP4, MSG, ODP, ODS, ODT, PDF, PNG, PPTX, TXT, XLSX, ZIP

  • Google Drive

  • Microsoft OneDrive

  • SharePoint

  • Box

  • Dropbox

Upload rules

  • You can upload one file per artifact

File Size Limits

  • Individual files: Up to 50 MB

  • Zipped files: Up to 100 MB total (each unzipped file must be under 50 MB)

Add Evidence

  1. Navigate to Compliance > Evidence.

  2. Select Create Evidence.

  3. Enter the required details:

    • Name

    • Description (optional)

    • Implementation guidance (optional)

  4. Add source:

    • File: Upload a document from your computer or cloud storage

    • URL: Link to a web-based resource

    • Ticket provider: Enter the direct URL to the ticket in your ticketing system (for example, a Jira or Linear issue link).

    • No Artifact: Use if the evidence will be provided later

  5. If uploading from a cloud provider:

    • Sign in with the correct account

    • Browse or search for the file using keywords

  6. Enter the Creation date and Renewal date to support audit timelines.

  7. (Optional) Map the evidence to controls.

  8. Select Save.

The evidence is added to the Evidence Library and linked to any selected controls.

Add Evidence from the Control page

You can also add evidence directly while working on a control.

  1. Go to the Controls page and select a control.

  2. Open the Evidence tab.

  3. Select Map Evidence.

  4. Choose one of the following:

    • Evidence Library: Choose existing evidence that already exists in the Evidence page.

    • Miscellaneous evidence: Add new evidence.

  5. Select Save.

Instructions for the Classic Experience ⬇️

Drata allows you to link evidence directly to a control in order to build a repository for your audit. This eliminates the need for a separate storage place for those controls that do not have continuous monitoring tests in Drata.

Before diving in

Admins, Information security leads, Workspace managers, Control managers, DevOps engineer have access to this section within Drata.

Link miscellaneous evidence

On the Controls page, select a control to access the control drawer. On the control drawer, scroll down to CONTROL EVIDENCE section.

Controls page showing the Control Evidence section in the control drawer

To add miscellaneous evidence, select Add within the Miscellaneous evidence section. A modal will appear. On the modal, there are two tabs: File and URL. If you would like to upload a file, select the File tab and if you would like to enter a URL, select the URL tab.

Add miscellaneous evidence modal showing File and URL tabs

Uploading a file:

When uploading a file, you can include a name and description, but if you opt not to do so, the file name will be populated as the name of the evidence. You are required to enter a creation date and a renewal date – these dates are used to determine the readiness of a control.

The approved file types include: pdf, docx, odt, xlsx, ods, pptx, odp, gif, jpeg, jpg, png, csv, zip, txt, json, markdown, and md. The file upload max size is 25MB.

Adding a URL:

When adding a URL, you're required to add a name, creation date, and renewal date. You can optionally enter a description. A .csv file with the URL(s) will be available when downloading external evidence.

Save when all the information has been entered. Learn more about the controls here.

Update a file or URL

To edit a file or URL, select the edit icon on the evidence you'd like to update. Make any changes you'd like to make and click the save button.

Evidence item showing the edit icon to update a file or URL

Link a policy from Policy Center

Effective policy management starts with using the Policy Center as a centralized repository. Manually linking these policies to controls ensures clear traceability, simplifying audits and compliance checks.

On the Controls page, select a control to access the control drawer. On the control drawer, scroll down to POLICIES section.

Controls page showing the Policies section in the control drawer

To link a policy, select Add within the Link policies within Drata section. A modal will open including all of the policies you currently have in Drata.

Link policies modal showing all policies available to link to a control

To link a policy, check the policies you would like to link and select Save. If you want to create a new policy, select Create a New Policy in the upper right corner of the modal.

Note: Drata's templated policies have been automatically mapped to the applicable controls. You can unlink a pre-mapped (or any) policy at any time.

Additionally, policies published in Drata may not automatically appear in the Trust Center. This manual inclusion allows organizations to manage which policies are publicly visible, ensuring only relevant and appropriate information is shared externally.

Related Articles
Create Workflow for Evidence
Drata Evidence Library Sync
Evidence Overview
Evidence Renewal Date
Manually Export Evidence Data from Drata
Did this answer your question?