![Trustero_Logo_RGB_1C.png]](https://support.trustero.com/hs-fs/hubfs/Trustero_Logo_RGB_1C.png?height=40&name=Trustero_Logo_RGB_1C.png){kind=logo}
Assigning Controls & Gathering Evidence
How to gather evidence needed to assess operating effectiveness
Once your GRC program is in place, you’ll need to assign controls and control activities across your organization. This ensures compliance responsibilities align with operational workflow roles and responsibilities while collecting the necessary evidence to demonstrate control effectiveness.
Types of Evidence for Control Effectiveness
To demonstrate that controls are operating effectively, you must provide two types of evidence:
- Manual Evidence – Requires human interaction on a predefined cadence.
- Recommended: Establish a formally documented set of InfoSec Operational Activities by department or business unit.
- Use this GRC Knowledge Base Article as a starter template.
- Requirements for Providing Manual Evidence
- Recommended: Establish a formally documented set of InfoSec Operational Activities by department or business unit.
- Automated Evidence – System-generated data that requires correct configuration.
- Examples: Audit logs, user lists, security alerts.
- To set up automated evidence collection:
- Navigate to Integrations > Receptors.
- Click Add Receptor (top-right) to start system-to-system integration.
- Connect to relevant systems, such as:
- HRIS (e.g., TriNet, BambooHR)
- LMS (e.g., Curricula, KnowBe4)
- Ticketing Systems (e.g., Jira, Zendesk)
- MDM Solutions (e.g., Miradore, Jamf)
- Trustero will pull only the necessary data and map it directly to the applicable controls.
By assigning controls and integrating evidence collection, you streamline compliance tracking and ensure audit readiness.
Experience a demo for assigning controls:
Experience a demo for gathering evidence: