Sharing evidence cleanly saves you and your assessor time. A scoped, read-only view is the easiest route — far better than emailed zips.
Approve evidence in your workspace
Only approved items should reach the assessor. Drafts stay private.
Invite the assessor as read-only
Send a scoped invite, not a full collaborator account.
Let the assessor review in place
No downloads-by-email cycle. The assessor reads approved items in the portal.
Use threaded comments per item
Questions and answers live on the evidence they reference, not in scattered emails.
Revoke access at the end
Once assessment is complete, revoke the assessor's access. Keep the audit trail.
Practical examples
Approve and tag
Mark an MFA export as approved and tag it to ‘User access control’.
Assessor invite
Email invite that grants read-only access to approved evidence only.
Comment thread
Assessor asks a clarifying question on the patch report; you reply on the item.
Common mistakes
Sharing a whole cloud drive
Broad share links expose drafts and unrelated material.
Emailing zip files
Zips are stale the moment they're sent and break version control.
Forgetting to revoke
Leave access in place and you lose visibility of who saw what.
Build this properly in Evaud
Start a free workspace and organise your Cyber Essentials evidence in one place.
Frequently asked questions
Evaud helps organise Cyber Essentials evidence and readiness information. It is not a certification body and does not guarantee certification.