← Get Audit Ready • ↑ Documents

<aside> ✅

Goal: Provide evidence that leadership takes security seriously and discusses it at a high level.

</aside>

What the auditor wants

• Meeting minutes from your most recent board, management, or risk committee meeting showing security topics were discussed.
• “Independence” evidence (for larger organisations): proof that governance includes people who are not full-time employees.

How to clear this task

<aside> 📎

Option 1: Upload existing minutes

• Click Upload Evidence.
• Upload your existing minutes (PDF, email agenda, or similar) from the most recent relevant meeting.
• To show Independence, also upload screenshots of LinkedIn profiles or CVs for any external board or advisory members. </aside>

<aside> 📝

Option 2: Small teams (or no formal minutes) — use the built-in form

• Click + New Submission to open the built-in form with a pre-loaded template.
• Fill in details of your latest internal Management Meeting.
• Do not remove the sections covering security and risk topics.
• If you have external advisors, you can still use Upload Evidence to add LinkedIn profiles to show outside oversight. </aside>

<aside> 👤

Solo founders

Meeting Minutes can be disregarded.

</aside>

<aside> 🤖

Going for ISO 42001 (AI)? Read this

If you are getting audited for ISO 42001, the auditor needs extra proof that leadership oversees your AI Management System (AI MS).

In your minutes, explicitly document:

• Management reviewed internal and external issues related to AI.
• Management considered potential AI impacts.

Extra evidence needed (upload as “Leadership Action”):

• A signed commitment statement, or
• An executive team email, or
• Meeting records showing management:
  • Aligns AI objectives with business goals
  • Provides resources for AI security
  • Promotes continual improvement </aside>