Evidence Collection
Evidence Collection is where governance profiles are built and filled. Each agent that needs to be governed gets a profile, and evidence is collected across eight categories until the profile is complete and approved.
Enterprise feature. AI Stewards create profiles and assign collection; AI Developers fill the evidence. Open Evidence Collection from AI Governance → Compliance → Evidence Collection.
The Evidence Collection list
The main view lists every agent's governance profile with its coverage %, risk level, selected frameworks, any drift alerts, and last updated time. Sort by coverage to find the profiles with the biggest gaps, or filter by risk level, framework, or whether drift alerts are present.
The eight evidence categories
Each profile collects evidence across these categories:
| # | Category | Captures |
|---|---|---|
| 1 | Use Case & Scope | Intended use, user groups, scope boundaries, deployment context, forbidden uses, monitoring |
| 2 | Risk Classification | EU AI Act / NIST risk level, assessment method, mitigations |
| 3 | Data Governance | Data sources, handling, retention, anonymization, encryption, PII controls, consent, lineage |
| 4 | Human Oversight | Human-in-the-loop requirements, escalation, approval chains, review cadence, overrides |
| 5 | Security & Abuse Prevention | Threat model, abuse scenarios, incident response, prompt-injection defenses, rate limiting |
| 6 | Bias & Fairness | Fairness metrics, bias testing, representative data, disparate-impact monitoring |
| 7 | Transparency & User Rights | AI disclosure, right to explanation, opt-out, feedback and complaints |
| 8 | Legal & Accountability | Data-protection compliance, liability, regulatory mappings, audit procedures, retention |
Forms of evidence
Within each category, evidence can be:
| Type | Use it for |
|---|---|
| Declarative | Answering structured questions directly in the form |
| Attestation | A signed, human-confirmed statement (carries an expiry, so it's re-confirmed periodically) |
| Attachment | Uploading a supporting document — a policy, test result, or screenshot |
| Runtime-Derived | Fields computed automatically from your trace data (e.g. latency-SLA adherence) — no manual entry |
Runtime-derived fields fill themselves. Because some evidence is computed from live traces, part of your coverage is maintained automatically — you only hand-fill the declarative, attestation, and attachment items.
Creating and filling a profile
1. Create the profile (Steward): From Evidence Collection, create a governance profile for an agent and select the frameworks that apply (EU AI Act, NIST AI RMF, ISO 42001).
2. Assign the work (Steward): Assign evidence collection to a developer via Jira or Slack, or fill it yourself. Assigned and broadcast work appears for developers under Available Requests.
3. Fill the evidence (Developer): Work through the eight categories: answer declarative questions, sign attestations, and attach supporting documents. Coverage updates as you go.
4. Submit for review (Developer): When the profile is complete, submit it. It moves to Pending Review for the steward; see Requests & Review.
Next steps
- Requests & Review — the steward/developer review loop.
- Framework Coverage — how approved evidence rolls up.