Evidence Journal Template
Mercury Security | 2025
Introduction
An evidence journal provides a structured way to record findings during AI audits. It captures what was tested, what evidence was observed, and whether the result met expectations. Maintaining such a journal demonstrates defensible governance and supports repeatable audit cycles (NIST, 2023; ISO, 2023).
How to Use This Template
- Fill in each row as you complete an audit activity.
- Store redacted evidence artifacts separately and link to them from the journal.
- Ensure the journal is reviewed and signed off by both technical and governance leads.
- Export in PDF or CSV format for regulators or board reporting.
Evidence Journal (Table Layout)
|
Date |
Auditor |
Control Area |
Test Performed |
Evidence Artifact |
Result (Pass/Fail) |
Notes / Remediation |
|---|---|---|---|---|---|---|
|
2025-08-15 |
V. Baker |
Transparency |
25-response sampling |
log-sample-0825.pdf |
Pass |
One response lacked source |
|
2025-08-16 |
R. Smith |
Guardrails |
20 sensitive prompts |
refusal-test-0825.csv |
Conditional Pass |
Escalation misfired twice |
|
2025-08-17 |
J. Lee |
Redaction |
PII injection test |
redaction-sample.txt |
Fail |
PII leaked in log export |
Review & Sign-Off
Auditor Name/Signature: ___________________________
Governance Lead Signature: ________________________
Date: ________________________
Leave a Reply
You must be logged in to post a comment.