Cybereen / Platform / Evidence library
PLATFORM CAPABILITY

Attach evidence once. Reuse it everywhere.

Cybereen's evidence library versions every document, screenshot, and policy you upload — and auto-fulfils overlapping controls across Essential Eight, ISO 27001, APRA CPS 234, and NIST CSF.

See it in your stack → See how it works
1 upload fulfils 5+ controls Signed chain of custody
WHAT YOU GET

Upload once. Satisfy many. Defend always.

Evidence in Cybereen isn't a folder of attachments. It's a versioned, signed, multi-standard graph that your auditor, board, and team all read from.

Single upload, multi-standard fulfilment.

One MFA screenshot satisfies Essential Eight MFA, ISO A.5.17, NIST PR.AA-01, and CPS 234 at the same time. Tag once, score everywhere.

E8 · ISO · NIST · APRA

Version history + diff, per document.

Every re-upload is a new version. See what changed, who attested, when. Roll back if needed. The chain of custody is the artefact.

Versioned · Diffed · Attested

Auditor-ready export, signed timestamps.

One-click bundle: every artefact, every version, every signature, hashed and dated. Hand it to your auditor. Hand it to a regulator. No rummaging.

Hashed · Dated · Exportable
HOW IT WORKS

Three steps. Years of reuse.

From "where did we save that thing" to a single library that your team, your auditor, and your scoring engine all draw from.

Step 01

Upload or link.

Drag-drop a file, or paste an S3 / SharePoint / Google Drive URL. Cybereen indexes the artefact, hashes it, and starts tracking versions from minute one.

backup-runbook.pdf
2.4 MB · indexed · v1 created
S3 s3://compliance-evidence/…
SP SharePoint / Policies / 2026
GD Google Drive · Risk team
Step 02

Tag controls.

Suggest-as-you-type against every active standard. Cybereen proposes the controls one artefact is likely to satisfy. One screenshot routinely covers 5+ controls.

Tag with control… mfa
E8MFAMulti-factor auth
ISOA.5.17Authentication info
NISTPR.AA-01Identity assertion
CPS36Access control
Step 03

Reuse + audit.

Subsequent assessments see the existing evidence inline. Auditors see the full chain of custody — uploader, dates, hashes, attestations — without you opening a folder.

14 MAYv3 attested · scope extendedPRIYA N.
14 MAYauto-applied to 4 controlsSYSTEM
08 FEBv2 refresh · same policyPRIYA N.
04 NOVv1 uploaded · sha256 6f9a…D. MAREK
USE CASE

80-person AU MSP. Two audits. One upload cycle.

A managed service provider, annually audited against both ISO 27001 and Essential Eight ML2. Same controls. Same evidence. Two parallel folders, until Cybereen.

MSP · BRISBANE · 80 STAFF · ANNUAL DUAL AUDIT

From ~40% duplicated evidence to zero, in one indexing pass.

Before Cybereen: two SharePoint trees, one per standard, with the same MFA screenshot saved twice and the same patching report exported twice. The library re-indexed every artefact in two days and the duplication problem evaporated — the second audit now reads from the first audit's library.

~40% → 0%
Evidence duplication
across the two audits
1
Annual upload cycle
covers both audits
248
Artefacts indexed,
versioned, hashed
5.6 avg
Controls satisfied
per artefact

"We used to have the same MFA screenshot in two SharePoint trees with different filenames. Now we have one. Two audits read from it. That's the whole story."

— GM & PRINCIPAL CONSULTANT · AU MSP, 80 STAFF
PART OF THE PLATFORM

The library is the spine of the platform.

Evidence attaches inline in maturity assessments, fans out via multi-standard mapping, and rolls up into the reports your auditor and board actually open.

Attaches inline in

Maturity Assessments
attach as you answer
Multi-Standard Mapping
one artefact → many controls
YOU ARE HERE

Evidence library

Versions every artefact, hashes every upload, and signs the chain of custody. One source of truth for every standard you run.

VERSIONED HASHED SIGNED AU-RESIDENT

Surfaces in

Reporting
coverage % in board packs
Auditor Export
signed bundle · timestamped
ONE EVIDENCE MODEL
Attach an artefact once. It scores in every standard that asks for it, rolls into the report that needs it, and updates the residual risk it touches. No retyping. No reconciling. No duplicate folders.
FAQ

The three we get asked first.

What file types do you support? +
Anything. PDF, DOCX, XLSX, PNG, JPG, MP4, plain text, code, even links to SharePoint, Google Drive, S3, or any HTTPS URL. We don't transform the file — we index it, hash it, and version it. The artefact stays in its native format so your auditor opens exactly what your team uploaded.
Where is evidence stored? +
Encrypted blob storage in Australia East, with per-tenant keys and at-rest AES-256. On Enterprise, bring your own KMS — customer-managed keys, audited access, and an export-on-termination guarantee. Linked artefacts (S3 / SharePoint / Drive) stay in your tenancy — Cybereen indexes the metadata, you keep the bytes.
Does evidence expire? +
You set expiry per document or per control. Annual policy review on AUP? 12-month expiry. Quarterly MFA attestation? 90 days. Cybereen reminds the owner — and their backup — before re-attestation is due, flags stale evidence in the assessment, and reports coverage degradation in the board pack. You won't be surprised by a year-old screenshot in an audit.

Stop saving the same screenshot twice.

One library. Every standard. Versioned, signed, audit-trail-grade. Bring your existing evidence — we'll index it on day one.

See it in your stack → See the full platform