Evidence Vault Overview
The Evidence Vault is Klarvo's secure repository for all compliance documentation, organized for rapid audit response.
What is the Evidence Vault?
The Evidence Vault stores, organizes, and manages all compliance evidence including:
Vendor documentation (DPAs, security docs, model cards)
Internal policies (AI acceptable use, oversight procedures)
Training materials (courses, completion logs)
Risk assessments (FRIA, DPIA, internal reviews)
Monitoring reports (performance data, bias tests)
Incident documentation (logs, postmortems)
Transparency notices (screenshots, disclosure copy)
Evidence Organization
Evidence can be attached to:
| AI System | System-specific documentation |
| Control | Proof of control implementation |
| Vendor | Vendor due diligence records |
| Policy | Supporting materials |
| Task | Task completion evidence |
| Incident | Incident investigation records |
Every evidence file includes:
Name & Description: What this document proves
Evidence Type: Policy, screenshot, report, attestation, etc.
Uploaded By/Date: Who added it and when
Status: Draft, Pending Approval, Approved
Expiration Date: When evidence needs refresh
Confidentiality: Internal only vs. shareable
Tags: Custom labels for filtering
Status Workflow
Evidence progresses through these states:
Draft → Pending Approval → Approved
↓
(if rejected)
Draft
Evidence Expiration
Many compliance documents have limited validity:
Vendor security certifications: Annual renewal
Training completions: Annual refresh
Risk assessments: Review triggers
Policies: Version control
Klarvo automatically:
Tracks expiration dates
Sends renewal reminders
Creates refresh tasks
Flags expired evidence
Search & Filtering
Find evidence quickly using:
Full-text search: Document names, descriptions
Type filters: Policies, screenshots, reports
Status filters: Draft, approved, expired
Entity filters: By AI system, vendor, control
Date filters: Upload date, expiration
Security & Access
The Evidence Vault includes:
Role-based access: View, upload, approve
Audit trail: All actions logged
Version history: Previous versions preserved
Encryption: At-rest and in-transit
Retention controls: Configurable policies
Best Practices
📁 Organize by entity: Link evidence to the system/control it supports
📅 Set expiration dates: Never forget renewal
✅ Require approval: For audit-critical documents
🏷️ Use tags consistently: Create organizational taxonomy
🔄 Regular review: Quarterly evidence hygiene