Loading
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up Evidence Management for IT Compliance

            You are here:

            1. Salesforce Help
            2. Docs
            3. Agentforce IT Service

            Set Up Evidence Management for IT Compliance

            Set up Evidence Management for IT Compliance to configure how IT teams and employees manage audit artifacts. Turn on the feature, assign permission sets, connect external storage, and optionally configure SLAs, notifications, stage management, and other advanced controls.

            Required Editions

            Available in: Lightning Experience
            Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service.
            User Permissions Needed
            To set up Evidence Management: Compliance Admin permission set
            1. From Setup, enter Salesforce Go in the Quick Find box, and then select Salesforce Go.
            2. Find the Evidence Management for IT Compliance Audits tile and select Keep Going.
            3. Turn on the Turn on Evidence Management for IT Compliance Audits toggle at the top of the page.
              Evidence Management is enabled in your org and the required steps below become actionable.
            4. Complete the required and optional setup steps in the sections that follow.

            Manage User Access

            Assign permission sets to auditors and admins who configure the system, compliance fulfillers who handle requests internally, and employee fulfillers who provide evidence from the IT Service employee portal.

            1. On the Evidence Management for IT Compliance Audits setup page, select Manage next to Manage User Access.
            2. Select the tab for the permission set you want to assign.
              The available permission sets are:
              • Compliance Admin permission set: Assign to audit managers and compliance officers who create audits, create evidence requests, and verify submitted artifacts.
              • IT Compliance Fulfiller permission set: Assign to internal users who work in the Evidence Hub app to upload artifacts and respond to evidence requests.
              • IT Compliance Submitter permission set: Assign to employees who fulfill evidence requests from the IT Service employee portal. This permission set is included in the IT Compliance Employee Permission Set License.
            3. Select the users you want to assign the permission set to and select Assign.
            4. Repeat for the other permission sets.
              Each tab shows the number of users currently assigned to that permission set, and the license card shows how many permission set licenses you've used out of the total available.

            You can also assign these permission sets from the standard Permission Sets and Permission Set Groups pages in Setup if you prefer to manage assignments outside Salesforce Go.

            Set Up Files Connect

            Connect Salesforce to external file sources such as Google Drive, OneDrive, and SharePoint so that fulfillers can attach evidence artifacts directly from those sources, without having to download and re-upload the files.

            Files Connect is a standard Salesforce platform feature. Once it's enabled and your external data sources are configured, the sources appear automatically in the file picker on every Compliance Evidence Artifact record.

            1. On the Evidence Management for IT Compliance Audits feature page, select Go to Setup next to Set Up Files Connect.
            2. On the Files Connect Settings page, enable Files Connect and adjust the file sharing and link conversion settings to suit your org's policies.
            3. Add and authenticate the external data sources you want fulfillers to be able to attach files from.
              For detailed instructions on configuring Files Connect and external data sources, see Salesforce Files Connect in Salesforce Help.

            Turn On Evidence Artifact Download from Evidence Viewer

            By default, evidence artifacts are reviewed inline in the evidence artifact previewer and can't be downloaded. Turn on this setting if your compliance process requires authorized users to be able to download artifact files from the previewer.

            Keeping downloads off is the more conservative choice — it reduces the risk that copies of sensitive evidence end up outside the system of record. Turn downloads on only if your auditors need offline copies of the evidence.

            On the Evidence Management for IT Compliance Audits setup page, turn on the Turn On Evidence Artifact Download from Evidence Viewer setting.
            Authorized users can now download artifact files directly from the evidence artifact previewer.

            Unlock Advanced Functionality

            The advanced settings let you tighten data quality, customize the evidence types your org uses, and integrate Evidence Management with the standard IT Service automation capabilities like SLAs, notifications, and stage management. All of these settings are optional — turn on only what your compliance program needs.

            1. Create date validation rules on the Compliance Audit and Compliance Evidence Request objects.
              Use validation rules to enforce timeline rules like "Audit Execution End Date can't be earlier than Audit Execution Start Date" or to block the creation of records with invalid data. Select Go to Setup next to Create Date Validation Rule to open the standard Validation Rules page in Object Manager.
            2. Manage evidence request types.
              The Type picklist on the Compliance Evidence Request object controls how requests are classified — for example, Documentation, Inquiry, Observation, Configuration, or Implementation Details. Add, deactivate, or rename values from Object Manager to match your audit program's taxonomy.
            3. Define rules and criteria for evidence records using stage management.
              Stage management lets you define stages and step-level criteria for Compliance Evidence Requests and Compliance Evidence Artifacts, so records move through your defined workflow in a consistent, controlled way. To learn how stage management works in IT Service, see Stage Management for Agentforce IT Service.
            4. Manage compliance service level agreements.
              Set up SLA policies and milestones on evidence requests so the system can track due dates, escalate at-risk requests, and report on compliance to internal SLAs. For details on how SLAs work in IT Service, see How Operational Level Agreements and Service Level Agreements Are Used in IT Services.
            5. Set up notification channels.
              Multi-channel notifications keep evidence fulfillers, assignees, and compliance reviewers informed when an evidence request is submitted, rejected, or reassigned to them. Evidence Management ships with notifications such as Evidence Submitted Notification, Evidence Notification for Rejected Requests, and Compliance Evidence Request Notification, which you can enable across email, in-app, Slack, and Teams channels. For details on configuring notification channels, see Notifications for IT Services.

            Provision Your Org with Sample Data

            Populate your org with sample compliance audits, evidence requests, and artifacts so your team can safely explore and validate your Evidence Management configuration before going live.

            Sample records include compliance audits for ISO 27001 and PCI-DSS frameworks, plus common evidence requests prefixed with [SAMPLE] so they're easy to identify and clean up later.

            1. On the Evidence Management for IT Compliance Audits feature page, select Deploy next to Deploy Sample Data.
            2. Select which kinds of sample data you want to load — sample compliance audits, sample evidence requests, or both.
            3. Confirm the deployment.
              Sample records are added to your org. They appear in the Evidence Hub app prefixed with [SAMPLE].
             
            Loading
            Salesforce Help | Article