by Tova Dvorin, November 12, 2023

time-icon 3 minutes read

Now more than ever, CISOs and GRC teams play a crucial role in ensuring the security and compliance of an organization. The role of Chief Information Security Officers (CISOs) and GRC teams in ensuring the security and compliance of an organization has never been more critical. One of the core aspects of GRC is the collection of audit evidence, a task that can be time-consuming and resource-intensive. Fortunately, there’s a game-changing solution on the horizon: Cypago’s Smart Evidence Sharing.

Smart Evidence Sharing: Revolutionizing GRC

Collecting audit evidence is often a complex and exhaustive process. Each framework and compliance standard comes with its unique requirements and nuances. Smart Evidence Sharing, a groundbreaking feature from Cypago, offers an innovative way to streamline this essential GRC activity. This feature allows you to decide precisely where and how evidence is shared, offering a high level of control and flexibility.

Smart Evidence Sharing in action in the Cypago UI.

Collect Once, Apply to Many

Smart Evidence Sharing provides the flexibility to tailor your evidence sharing to your organization’s specific needs. It enables you to decide whether evidence collected is shared not just across all frameworks, but within the complete combination of entity, framework, and control. This means you can be highly specific in determining what controls in which frameworks are applicable to which entities.

The Cypago Evidence Sharing Model

Cypago’s default sharing model is designed to save you time and effort by sharing evidence with all mapped controls by default. The foundation of this approach is Cypago’s pre-built mappings, which significantly reduce the workload by sharing evidence with controls and frameworks that are already mapped. This default setting is the efficient starting point for evidence sharing.

However, Smart Evidence Sharing allows you to take customization to the next level. You have the power to determine how evidence is shared, where it is shared, and with which controls or frameworks, offering a level of precision that ensures compliance with the necessary standards and aligning with your industry’s requirements.

Fully Utilize the Power of Smart Evidence Sharing

The power of this feature is not just in its flexibility, but in its ability to help you streamline your GRC processes. Here are a few ways it can transform your organization’s approach to GRC:

1. Resource Optimization

Resource allocation is a critical aspect of GRC. Smart Evidence Sharing ensures that you use your resources judiciously. By allowing the sharing of evidence across multiple frameworks, you can focus your resources on areas that matter most. This, in turn, helps you stay agile and respond effectively to emerging threats and regulatory changes.

2. Precision and Compliance

Maintaining the precision and compliance of your GRC processes is a top priority. Smart Evidence Sharing offers the flexibility to tailor your evidence collection to the specific frameworks that are essential for your organization. This ensures that you’re not only compliant but that you’re also aligned with the standards that matter most to your industry.

3. Enhanced Decision-Making

With Smart Evidence Sharing, data-driven decision-making becomes easier. You have the ability to analyze evidence and assess its relevance across different frameworks. This data-driven approach ensures that your organization is well-prepared for audits and that you can make informed decisions to strengthen your security posture.

Real-World Examples

Multi-Business Units with Varied Scopes

Suppose your organization has multiple business units or subsidiaries, each with different scopes for compliance, such as SOC 2. Some units may share policies and controls, while others have unique requirements. With Smart Evidence Sharing, you can define the sharing of evidence between entities and frameworks with full granularity, ensuring that evidence is shared only where it’s needed.

Managing Multiple ISO Standards

If your organization is working with various ISO standards like ISO 27001, ISO 27017, ISO 27018, and ISO 27021, and you want to share the Information Security Management System (ISMS) across them, you can do so with Smart Evidence Sharing. This feature allows you to selectively share evidence with the specific ISO standards and entities that require it without sharing it with other frameworks or controls.


In the rapidly evolving landscape of cybersecurity and compliance, Smart Evidence Sharing offers a competitive edge, allowing you to adapt quickly to regulatory changes. Make the smart choice and harness the power of Cypago’s Cyber GRC Automation (CGA) to revolutionize your GRC processes and safeguard your organization’s security and compliance.

Contact us today for a walkthrough and to learn more about how this revolutionary feature can benefit your organization’s GRC strategy.