What the pack needs to answer
- Which exact group was scanned
- Which supported Jira surfaces were in scope
- Which findings still block cleanup
- How severity was assigned
- Whether the evidence can be verified later
Evidence example
Group Impact Audit for Jira evidence pack example
This is the shape buyers should expect from a read-only Jira group cleanup review: exact scan context, findings by severity, history markers, and a verification step that can be performed later.
Group name, scan timestamp, supported surfaces, and the run identifier must be explicit so another reviewer knows exactly what was inspected.
Permission-scheme and project-role references need enough detail to show what still depends on the group without reopening Jira.
If there is a baseline or previous clean state, the pack should show whether the current result drifted or improved.
A manifest and verification step reduce the need to treat screenshots as proof.