Evidence Index Structure (SharePoint / Drive / Confluence)

Evidence Index Structure (SharePoint / Drive / Confluence)

Zen AI Governance — Knowledge Base Templates & Toolkits Updated 20 Nov 2025 www.zenaigovernance.com ↗

Evidence Index Structure — AIMS / ISO 42001 / EU AI Act

Evidence Repository Template ISO 42001 / EU AI Act Alignment
+ On this page
Key takeaways
  • A consistent Evidence Index is mandatory for ISO 42001 certification.
  • Audit teams expect cross-referenced EV-IDs for every clause and requirement.
  • Drives traceability across DPIA, Risk Register, PMM, CAPA, Logs, and the Technical Documentation File.

Purpose & Objectives

The Evidence Index provides a complete catalogue of all artefacts used to demonstrate conformity with ISO/IEC 42001, EU AI Act, GDPR, and NIST AI RMF. It ensures consistency, traceability, version control, and audit readiness.

Folder Structure Overview

Recommended unified folder structure (SharePoint / Drive / Confluence):

/AIMS_Evidence_Repository
  /01_Policies
  /02_Procedures
  /03_Risk_Management
      /Risk_Register
      /DPIA_AI_Risk_Profiles
  /04_Training_Competence
  /05_Logs
      /Model_Logs
      /Access_Logs
      /PMM_Logs
  /06_Incidents_CAPA
      /Incidents_Reports
      /CAPA_Documents
  /07_Audits
      /Internal_Audits
      /Supplier_Audits
  /08_Technical_Documentation_File (TDF)
      /Annex_IV_Documents
      /Model_Cards
      /Datasheets
  /09_Dashboards_Reports
  /10_Governance_Records
      /Management_Review
      /Board_Minutes

EV-ID Naming Convention

Each evidence item is assigned a globally unique Evidence ID (EV-ID):

EV-[CategoryCode]-[TypeCode]-[SequentialNumber]

Examples:
EV-POL-001 → Policy document
EV-RSK-014 → Risk register entry
EV-INC-003 → Incident report
EV-TDF-021 → Technical documentation file
EV-AUD-010 → Audit fieldwork record
EV-PMM-006 → Post-market monitoring log

Evidence Metadata Schema

FieldDescriptionExample
EV_IDUnique evidence referenceEV-RSK-014
CategoryPolicy / Procedure / Risk / Audit / etc.Risk Management
Framework MappingISO, NIST, EU AI Act referencesISO 42001 §6.1; EU AI Act Art.9
DescriptionBrief summaryQ4 updated risk register with residual scoring
OwnerResponsible person/roleAI Risk Officer
DateCreation or update date2025-10-12
LocationURL/File pathDrive:/03_Risk_Management
RetentionRetention period7 years
VersionVersion controlv1.2

ISO/EU Mapping Table

Clause / ArticleEvidence TypeExamples (EV-IDs)
ISO 42001 §4–10Policies, procedures, logsEV-POL-001, EV-LOG-013
EU AI Act Art. 9Risk managementEV-RSK-014
EU AI Act Annex IVTechnical documentationEV-TDF-021
ISO 42001 §9.3Management ReviewEV-GOV-004
ISO 42001 §10CAPAEV-CAPA-007
NIST ManagePost-market logsEV-PMM-006

CSV Template (Evidence Index)

EV_ID,Category,Framework_Refs,Description,Owner,Date,Location,Retention,Version
EV-POL-001,Policy,"ISO §5; EU Art 10",Master AI Policy,Governance Lead,2025-09-01,Drive:/01_Policies,7y,v1.1
EV-RSK-014,Risk,"ISO §6.1; EU Art 9",Risk Register Q4,AI Risk Officer,2025-10-12,Drive:/03_Risk_Management,7y,v1.2
EV-PMM-006,Monitoring,"EU Art 72",PMM Log Snapshot,ML Ops Lead,2025-09-28,Drive:/05_Logs/PMM_Logs,5y,v1.0

Worked Examples

EV_ID: EV-TDF-021
Category: Technical Documentation
Framework_Refs: EU AI Act Annex IV
Description: Complete technical file including model card, data sources, training parameters
Location: Drive:/08_TDF
Version: v2.0
Retention: 10 years

Checklist for Compliance

  • ✔️ All evidence items must have unique EV-IDs.
  • ✔️ All EV-IDs must appear in the risk register, audits, and PMM dashboards.
  • ✔️ Evidence repository must be access-controlled (RBAC).
  • ✔️ Retention must match legal and regulatory requirements.
  • ✔️ Quarterly evidence review must be logged as part of the Management Review.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 20 Nov 2025 • This page is general guidance, not legal advice.

    • Related Articles

    • Internal Audit & Evidence Management (EU/UK aligned)

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 07 Nov 2025 www.zenaigovernance.com ↗ Internal Audit & Evidence Management (ISO/IEC 42001:2023) ISO/IEC 42001 – AIMS Internal Audit Evidence Management + On this page On this page ...

    • 2Logging & Traceability Requirements — Data Capture, Retrieval & Evidence Linkage

      Zen AI Governance — Knowledge Base • EU AI Act Compliance • Updated 17 Nov 2025 www.zenaigovernance.com ↗ Logging & Traceability Requirements — Data Capture, Retrieval & Evidence Linkage EU AI Act Compliance Traceability & Audit Logs + On this page ...

    • AI Audit & Evidence Management Policy

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 10 Nov 2025 www.zenaigovernance.com ↗ AI Audit & Evidence Management Policy ISO/IEC 42001 – AIMS Governance & Compliance EU/UK aligned + On this page On this page Overview & scope ...

    • Transparency, Records & Technical Documentation (EU AI Act aligned)

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 08 Nov 2025 www.zenaigovernance.com ↗ Transparency, Records & Technical Documentation (EU AI Act aligned) ISO/IEC 42001 – AIMS Transparency & Records EU/UK aligned + On this page On this ...

    • Tooling Ecosystem for AI Governance & Compliance — Platforms, Automations & Dashboards

      Zen AI Governance — Knowledge Base • Tooling Architecture • Updated 14 Nov 2025 www.zenaigovernance.com ↗ Tooling Ecosystem for AI Governance & Compliance — Platforms, Automations & Dashboards ISO 42001 ↔ NIST AI RMF Integration Governance Automation ...