/
Evidence Provider

Evidence Provider

Owned by Victoria Buhler (Deactivated)
Last updated: Feb 09, 2023
3 min read

ZenComply Help

ZenComply Evidence Provider Role

An Evidence Provider gathers information (usually attachments and comments) for their assigned Evidence Requests for Control Assessments. They have the most narrow view of ZenComply. 

Evidence Providers would know the relevant information needed to support the control that is being assessed and are typically individuals outside of the team evaluating Controls, like:

  • application owners

  • process owners

  • external MSP leads

  • someone identified as being critical in a process.

What are the Evidence Provider’s access and permissions?

  • Evidence Providers are made aware of access to an Evidence Request once the record is “In-Progress”.

  • Evidence Providers have permissions to view the record and download the attachments only from their assigned Evidence Requests. If the record were to be re-assigned, the user would no longer have access to that role and would not see the record on a listing.

  • Evidence Providers are granted access in ZenComply during the Evidence Assignment and Execution within the Audit program:

After an audit is launched in Program Setup, the audit will be in “Evidence Assignment” status, with one or more unassigned Evidence Request records for each Control Assessment.

Here, Control Assessors assign/invite users as Evidence Providers for corresponding Evidence Requests from either the Evidence Request listing or from an individual Evidence Request flyout (see images below).

Once an Evidence Provider is assigned, the Control Assessor will Activate the Evidence Request, and the Evidence Provider is then notified via email. 

Listing of Evidence Requests for a Control Assessor

*If the Evidence Provider is new to ZenComply, they will receive an email confirming their access and another email notification of their assigned Evidence Request that they are responsible.

A control assessor may reject an evidence request and require more attachments or context to the request. The control assessor would reject the evidence request and the record would go back to an “In Progress” state for the evidence provider to add additional evidence. 

As you can see from this screenshot below the evidence provider only has access to the evidence requests tab from within an audit and can only see the records where they were named an evidence provider. 

 

Evidence Provider Actions

Submit Evidence Requests

When the Evidence Provider completes uploading all relevant supporting documentation for an Evidence Request, the Control Assessor evaluates the attachments to determine the operational effectiveness of the Control Assessment. 

Object Hierarchy for Evidence Provider Access

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com