Help Article
5 min read
Reviewed 2026-02-25

Evidence scan states and upload release workflow

Understand what `PENDING`, `CLEAN`, `QUARANTINED`, and `FAILED` evidence states mean before attaching or downloading files.

Compliance Lead
Org Admin
Manager

Evidence stays private until clean

Uploaded files cannot be attached or downloaded until scan status reaches CLEAN.

Summary

  • Understand what `PENDING`, `CLEAN`, `QUARANTINED`, and `FAILED` evidence states mean before attaching or downloading files.
  • Use this guide to complete the workflow with audit-ready evidence and ownership.
  • If you hit a blocker, run troubleshooting first, then escalate with context.

Steps

  1. 1. Upload supported files only

    Use PDF, DOCX, XLSX, PNG, JPG, or JPEG files that match the allowed file signature checks.

  2. 2. Wait for the scan result

    New uploads begin in `PENDING` until the scanner marks them `CLEAN`, `QUARANTINED`, or `FAILED`.

  3. 3. Attach only clean evidence

    Attach files only after the scan passes. Pending, quarantined, and failed evidence remains blocked from both attachment and download.

  4. 4. Escalate quarantined or failed files

    If a file is QUARANTINED or FAILED, replace it or send the scan result to operations for review instead of forcing attachment.

Verification

  • Clean files show a download link and attach successfully.
  • Pending or quarantined files remain blocked from attachment.
  • Pending, quarantined, and failed files remain blocked from download.
  • The evidence list shows the current scan state for each upload.

Troubleshooting

A file stays pending for too long.

Check the evidence scan worker, ClamAV connectivity, and the evidence scan drain endpoint before re-uploading.

A file is quarantined or failed.

Treat the file as unusable evidence. Replace it with a clean copy or ask operations to review the scan result and worker logs.

Workflow screenshots

Compliance controls dashboard with implementation status
Track control implementation, ownership, and evidence readiness.

Was this article helpful?

Next article

Generate audit packs and evidence exports

Use exports at the end of the baseline-to-rollout-to-evidence path so audit packs reflect published policies, rollout proof, and clean evidence.

Continue to next guide

Related articles

Generate audit packs and evidence exports

Use exports at the end of the baseline-to-rollout-to-evidence path so audit packs reflect published policies, rollout proof, and clean evidence.

5 min read

Evidence management and attachment best practices

Attach evidence to controls, policies, and incidents with complete context metadata.

5 min read

Create your organization and choose the right starting plan

Set up your first organization with the plan that matches rollout depth and governance needs.

5 min read

Need direct support?

If this workflow remains blocked after troubleshooting, submit a support request with the page URL, expected behavior, and relevant error details.