Loading
Intermittent Errors with Salesforce Trial Org Registration Read More
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Create Evidence Requests for IT Compliance

            You are here:

            1. Salesforce Help
            2. Docs
            3. Agentforce IT Service

            Create Evidence Requests for IT Compliance

            Create compliance evidence requests to gather artifacts from subject matter experts for an audit. Each request specifies what evidence is needed, who should fulfill it, and when it's due. Requests can be created manually or autogenerated from an audit template.

            Required Editions

            Available in: Lightning Experience
            Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service.
            User Permissions Needed
            To create evidence requests: Compliance Admin permission set

            An evidence request represents a specific piece of evidence that's needed to satisfy an audit control or requirement—such as a system configuration export, a user access review report, or a policy acknowledgment screenshot. Requests are assigned to the subject matter expert or team who owns the relevant system or process, and they move through a defined lifecycle from creation to fulfillment to verification.

            You can start a request from one of the out-of-the-box sample requests by cloning it, or create one from scratch when no sample fits.

            1. From App Launcher, open the Evidence Hub app.
              The Evidence Hub is a separate, restricted workspace from the IT Compliance app. Only users assigned an Evidence Management permission set can access it.
            2. Go to the Compliance Evidence Requests tab.
            3. Create the request.
              • To start from scratch, click New.
              • To start from a sample, open a [SAMPLE] request that fits your audit, click Clone, and edit the cloned record.
            4. Fill in the evidence request details:
              • Title. A descriptive name that tells the fulfiller exactly what evidence is being requested, like End-to-End Offboarding SLA Report (Access Revocation).
              • Type. The kind of artifact you expect back. Choose Documentation for policies and reports, Inquiry for written attestations, Observation for walkthroughs and screenshots, Configuration for system settings exports, or Implementation Details for procedure write-ups.
              • Compliance Audit. The parent audit this request rolls up to. Linking the request makes it visible on the audit's Evidence tab and ties it to the audit's scope and timeline.
              • Assignee. The SME or fulfiller responsible for providing the evidence. Notifications are sent to this user when configured.
              • Requested By. The compliance officer or audit program manager who owns the request.
              • Priority. High, Normal, or Low. Use this to help fulfillers triage their queue.
              • Due Date. The date the evidence is needed by. The due date drives the SLA timer and milestone tracking on the request.
              • Instruction. A clear, specific ask. State the expected evidence, the systems it should come from, and any acceptance criteria the fulfiller needs to meet.
              • Observation Statement. Optional. Use this field to capture findings or notes for the fulfiller as the request progresses, like a missing piece of evidence the assignee still needs to provide.
            5. Save the record.
              The request is created with status Draft and an auto-generated request number (for example, CER-000000009).
            Example: requesting evidence for an offboarding SLA audit
            Example: requesting evidence for an offboarding SLA audit

            Suppose your team is running an internal governance audit for least privilege verification, and you need proof that access for terminated employees is revoked within the 24-hour SLA. You create a single evidence request that the assignee can fulfill with artifacts from multiple source systems:

            • Title: End-to-End Offboarding SLA Report (Access Revocation)
            • Type: Implementation Details
            • Compliance Audit: [SAMPLE] Internal Governance Audit for Least Privilege Verification
            • Assignee: Rachel Anderson, IT Compliance Analyst
            • Requested By: Audit Program Manager
            • Priority: Normal
            • Due Date: 4/30/2026
            • Instruction: Provide evidence that access to all systems is being revoked within 24 hours of an employee's termination. Expected evidence: official termination date from HRIS, IT offboarding ticket from the ticketing system, suspended user status from the identity provider, and verification from Data Workspaces that all non-SSO local accounts were disabled.

            The assignee can now fulfill the request by uploading evidence artifacts from the Evidence Hub or, for employees who don't have a Salesforce license, from the IT Service employee portal. Once every artifact has been verified, mark the request as accepted to close out this phase of the audit.

             
            Loading
            Salesforce Help | Article