An evidence archive is a centralised, structured repository where all compliance evidence is stored, organised by control, framework and audit period. It serves as the single source of truth for demonstrating that security controls are implemented and operating effectively, containing artefacts such as screenshots, log exports, policy documents, configuration snapshots, training records and approval workflows.
A well-maintained evidence archive dramatically reduces the burden of compliance audits by making it straightforward for auditors to locate and verify evidence against specific control requirements. GRC platforms like Tidal automate evidence organisation by mapping artefacts to controls across multiple frameworks simultaneously, eliminating the need for manual folder structures and reducing the risk of missing or outdated evidence during audit season.