HomeGlossary › Continuous Compliance Evidence
Glossary

What is continuous compliance evidence?

Replacing point-in-time audits — annual SOC 2 review, quarterly internal attestation — with always-on, time-series proof that security controls are operating effectively across the entire audit period. The evidence is written to an immutable log; auditors read the log directly.

The cost of point-in-time evidence

A traditional SOC 2 audit asks for screenshots, exports, and signed attestations from operators and engineers. Each evidence item captures a single moment. Building the evidence binder consumes weeks of senior engineer time before each audit, and the binder represents one observation — the audit period is 365 days, the evidence is 50 photographs of one afternoon.

Continuous evidence inverts the model. Every control test executes automatically every scan interval, every result writes to a log, the log is the evidence binder. There is no "audit prep" sprint, only "let the auditor read the log".

What the log looks like

A row per check execution:

2026-06-22T08:15:32Z  device:dx3-laptop-04  check:disk_encryption_filevault   pass  evidence:fdesetup status: FileVault is On.
2026-06-22T08:15:32Z  device:dx3-laptop-04  check:firewall_alf_enabled        pass  evidence:socketfilterfw --getglobalstate: enabled
2026-06-22T08:15:32Z  device:dx3-laptop-04  check:ssh_password_auth_disabled  pass  evidence:sshd_config: PasswordAuthentication no
2026-06-22T08:15:32Z  device:dx3-laptop-04  check:os_updates_pending          fail  evidence:softwareupdate --list: 2 updates pending
    

Multiply by 190+ checks per device × N devices × scan interval × audit period and you have a complete, queryable, time-stamped record. An auditor asking "show me proof that production laptops had disk encryption enabled in Q3 2026" gets the answer in one query.

Framework mapping

The trick that makes continuous evidence useful for compliance is mapping each check to the relevant framework controls. The same "firewall is enabled" check produces evidence for CIS Level 1 9.2, NIST 800-53 SC-7, SOC 2 CC6.6, PCI DSS 1.4, ISO 27001 A.13.1, and several others simultaneously. The dashboard's per-framework view groups the evidence by control so the auditor sees their familiar control catalogue, not Lorika's check names.

Related terms

Replace screenshot-based audits with continuous evidence

Free for up to 10 devices. 8 frameworks mapped, immutable log, queryable per control.

Get started free →