Evidence Collection
Automated Evidence
| Evidence | Source | Frequency |
|---|---|---|
| Security scans | GitHub Actions logs | Per commit |
| Access logs | CloudWatch/CloudTrail | Continuous |
| Configuration | Terraform state | On change |
Manual Evidence
| Evidence | Owner | Frequency |
|---|---|---|
| Access reviews | Security | Quarterly |
| Policy reviews | Security | Annual |
| Penetration test | External | Annual |
Storage
Evidence stored in secure S3 bucket with versioning enabled.