Setting up Evidence Source: File Storage

Automated Evidence Collection (AEC) Now Supports File Storage, enabling automated evidence collection from Google Drive, SharePoint, OneDrive, Box, and Dropbox. You can now set up automations to pull files—such as existing evidence stored in your repository or the latest policy documents—from your cloud storage, either on demand or on a recurring schedule.

Connect to a File Storage Source

Follow these steps to connect your file storage account to Risk Cloud for automated evidence collection:

1. Navigate to Compliance > Evidence Sources

2. Scroll to the File Storage Sources section and click Add File Storage Source. A window will appear showing available file storage options.

3. Select the file storage provider you’d like to connect (e.g., Google Drive, SharePoint, OneDrive, Box, Dropbox).

4. Follow the on-screen instructions to authenticate.

• When prompted to Select your account type, choose Read-only for non-admin users, as Risk Cloud only requires read access to collect evidence.
• Review the data you are granting read access to before continuing.
• This allows you to enable the file storage source at the environment level.

5. Once setup is complete, the connected file storage source will appear with an Enabled status.

• Click the gear icon next to a source to disable, delete, or relink the integration at any time.

Set up AEC using the File Storage Source

1. Once your file storage source is connected and shows an Enabled status, navigate to the relevant record (e.g., a Control Requirement) to create AEC. See Create and Configure AEC Automations for details.

2. Open the Create New Automation modal under Evidence Collections Automations. Under Where is the evidence coming from, your connected file storage source will appear in the dropdown menu (e.g., Google Drive).

3. Click Open [File Storage Source] File Picker. A new window will open to let you select your evidence file(s).

4. If it's the first time you use the file picker, you'll be prompted to authenticate with your own file storage account.

• ⚠️ This is separate from the admin-level authentication used to enable the source. This step connects to your individual account and determines what files you can access.
• When prompted with How would you like to authenticate, select My credentials to connect user's file storage account.
• When prompted to Select your account type, choose Read-only for non-admin users, as Risk Cloud only requires read access to collect evidence.

6. Use the file picker window to navigate and select the appropriate files.

7. Confirm your selected files, or make edits as needed.

8. Configure when and how often the evidence should be collected.

9. Click Save to enable the automation. You will see the automation listed with an Enabled status.

10. Click Run Now to test the automation and ensure evidence is collected properly.

11. Once the collection is complete, the latest evidence files will appear in the table. You can also click the automation link to view collection details and history.

Congratulations! You've successfully set up Automated Evidence Collection using a file storage source.