Objective evidence refers to verifiable, factual information that demonstrates whether a control, process, or requirement is being met. In audit contexts, it can take many forms including documents, records, logs, screenshots, reports, test results, and observations. The key characteristic is that it must be reproducible and not based on subjective opinion, allowing independent auditors to reach the same conclusion.
Maintaining comprehensive objective evidence is crucial for ISO certification audits, SOC 2 examinations, and regulatory inspections. Organisations should establish systematic evidence collection practices as part of their continuous compliance programme rather than scrambling to gather documentation before audits. This includes automated log collection, periodic control testing with documented results, and structured records of management decisions.