While I read and get all the policies approved, there is no evidence being asked for on the portal.
For example: an employee appraisal system is asked for in the HR policy, or the Backup policy talks about the provision to store data in a different geographical region.
I don't have all of these as a startup, but I intend to get them when needed in a few months. Will the auditor ask for evidence now on these? TrustCloud is not asking to attach evidence on any of these – just an approval.
As part of reviewing the policies, please ensure that all the controls listed in your policy are currently in place within your organization and that you can provide evidence to show that those controls are implemented. For a small organization like yours, you can move these controls (such as performance reviews and backup zones) as planned controls (something on your roadmap to mature into) rather than adopted controls, and remove those linkages from the policy.