<aside>
🧾
Goal: Show employees are held accountable through regular reviews, including security responsibilities.
</aside>
What the auditor wants
- Evidence of regular performance feedback cycles.
- Proof that employees are accountable for their responsibilities (including security-related expectations where applicable).
Sample size rule (important)
<aside>
⚠️
Auditors require evaluations for 5 employees or 10% of your organisation, whichever is greater.
If you have fewer than 5 employees, you must provide evaluations for everyone.
</aside>
How to clear this task
<aside>
📝
Option A: Use the built-in form
- Click + New Submission and complete the evaluation form for each employee in your sample.
- For each submission, make sure you fill in:
  - Review period end date
  - Employee name
  - Overall rating
  - Manager, Manager signature (name), and Manager signature date
- Repeat until you meet the required sample size.
</aside>
<aside>
📎
Option B: Upload existing evaluations
- If you use an HRIS or documents elsewhere, click Upload Evidence and attach them.
- You can anonymize documents (for example, blur sensitive details) if preferred.
Small team reality check (2–3 people):
- If you do not run formal annual reviews, upload alternative evidence that shows:
  - A date, and
  - Some form of mutual sign-off
- Examples include documented 1:1 notes, an OKR spreadsheet with a “reviewed on” date, or an email thread summarising a quarterly performance and security sync.
</aside>
<aside>
👤
Solo founders
This task can be considered not relevant.
</aside>