Overview
Compliance Evidence Mapping is a feature in the Guardz platform that helps users manage and export evidence aligned with major compliance frameworks. It displays a breakdown of how Guardz security controls support various regulatory requirements, allowing for quick access to mapped data, issue statuses, and downloadable CSVs, all from a single page.
Supported Frameworks
Users can select from the following compliance frameworks:
SOC 2
ISO 27001
HIPAA
GDPR
The content dynamically updates to reflect the selected framework’s specific requirements and mapped security controls.
Availability
This feature is currently available only within the Single Customer View. It provides per-customer compliance visibility based on the data collected across the Guardz platform.
How to Use It
1. Select a Compliance Framework
Use the "Select Type" dropdown at the top of the page to choose one of the supported frameworks. The page will expand with sections that represent each framework’s requirement, grouped and labeled accordingly.
2. Review Compliance Sections
Each compliance section (e.g., "Risk Analysis | 164.308(a)(1)(ii)(A)") includes:
How Guardz Helps: A description of how Guardz supports this specific control.
Security Controls: The active Guardz modules mapped to the requirement.
Status Bar and Evidence: The current issue status and download options per control.
Issue Status Bar (Per Control)
Each security control row includes a status column that summarizes its related issues. You’ll see:
A label such as “Issues handled” or “No issues (no data)”
A horizontal bar showing the number of open, in progress, and closed issues
Color-coded indicators for different issue states
A clickable element that redirects to the Issues page, filtered by:
The selected security control
The issue status (open, in progress, closed)
This allows users to quickly investigate or validate evidence, without needing to manually search.
Downloading Evidence
Each security control row may include download icons on the far right. Clicking these allows you to export relevant evidence in CSV format. There are two types of files available:
Issue-Based CSVs:
Includes a list of closed and in progress detections related to the control.Does not include archived or ignored issues.
Status CSVs: Reflects the configuration for the control.
Each CSV is tailored to its security control and evidence type, so field formats will vary.
Download Behavior and Troubleshooting
Browser Permissions
If multiple CSVs are available for a security control, your browser may block or restrict simultaneous downloads. Make sure that pop-ups and file downloads are allowed in your browser settings.
CSV Download Rules
Downloads are handled differently depending on the data type:
Status CSVs:
If no status data is available, a CSV will still be downloaded, but it will contain column headers only with no rows.Issue-Based CSVs:
If there are no closed issues related to the control, this file will not be downloaded at all.Both CSVs Missing:
If both status and issue data are unavailable, the download button will be disabled for that security control.
Disabled Rows
Rows may be disabled in the following scenarios:
The associated Guardz security control is inactive.
There are no closed detections, or in progress for that control.
No existing Security Business Report
These controls will not show downloadable evidence until they become active or have relevant data.
Data Coverage
Compliance Evidence Mapping aggregates evidence from all Guardz modules, including:
Cloud Directory Posture
External Footprint Scan
Dark Web Monitoring
Cloud Data Protection
Email Protection
Dark Web Monitoring
Endpoint Security
Secure Browsing
Security Awareness Training
Phishing Simulations
MDR Configuration