DirectiveLock

Evidence Pack

The Evidence Pack is the core deliverable: “paper” for management, audit, or insurer expectations. It documents what you implemented, who approved it, and proof that people were trained and tested.

Included artifacts (typical)
  • • Signed policy: Approved Channels (no payment orders via voice/video)
  • • Signed protocol: Out-of-Band Verification (Callback Standard + script)
  • • Approval Matrix (4-eyes / 6-eyes) + thresholds + role separation
  • • Vendor Bank Account Change Procedure (2 confirmations + cooling-off option)
  • • Registers: vendor change log, exception log, verification log (templates or completed)
  • • Training module + quiz results + completion log
  • • Scenario tabletop report + action plan (package-dependent)
  • • Management Summary (1–2 pages, package-dependent)
What makes it “audit-ready”
  • • Clear scope and versioning of policies
  • • Ownership: who initiates / approves / executes
  • • Evidence of training completion + quiz outcomes
  • • Documented scenario test and lessons learned
  • • Traceability via registers and logs
This is not a guarantee of incident prevention. It’s measurable risk reduction by enforcing verification and separation of duties.
Sample PDF

Use a sanitized sample to show management how evidence is structured.

Download Sample Evidence Pack (PDF)