This table classifies audit artifacts by evidentiary weight. It compares four tiers: primary machine-verifiable evidence, supporting artifact, manual claim, and invalid evidence. For each tier, it states whether the artifact can support policy evaluation and gives examples such as API responses, config exports, screenshots, UI captures, email confirmations, vendor statements, hash mismatches, missing source context, stale exports, and edited images.

(Please use a modern browser to see the interactive version of this visualization)

Chart: CodeYourComplianceGet the dataCreated with Datawrapper