How do I take screenshots that SOC 2 auditors will accept?
What Auditors Want in a Screenshot
A screenshot is the most common form of SOC 2 evidence. Auditors accept screenshots when they can answer three questions from the image alone:
- What system is this? (URL bar, page title, or header visible)
- What control is demonstrated? (setting clearly shown)
- When was this captured? (timestamp visible)
Screenshot Best Practices
| Do | Don't |
|---|---|
| Include the browser URL bar | Crop to just the toggle or setting |
| Show the date/time (system clock or page timestamp) | Capture without any time reference |
| Use full-page or section captures | Take tiny, context-free crops |
| Name files descriptively (e.g., "github-branch-protection-main-2026-03.png") | Name files "screenshot1.png" |
| Capture production environments | Capture staging or test environments |
| Include the logged-in user context | Leave ambiguity about which account |
Common Screenshot Types
| Control | What to Capture |
|---|---|
| MFA enforcement | Identity provider settings showing MFA required for all users |
| Branch protection | GitHub settings page showing required reviews and status checks |
| Encryption at rest | Database or storage settings showing encryption enabled |
| Access controls | User list with role assignments visible |
| Firewall rules | Security group or WAF configuration |
| Backup settings | Backup configuration showing schedule and retention |
How Many Screenshots?
For a SOC 2 Type I audit, expect to provide 50-100 screenshots across all controls. For Type II, you'll need configuration screenshots plus population samples (e.g., 25 PRs showing reviewer approval).
The Timestamp Problem
The most common reason auditors reject a screenshot is a missing timestamp. Solutions:
- Keep your system clock visible in the screenshot
- Use browser extensions that overlay timestamps
- Use the page's own "last modified" or audit log timestamps
- Document the capture date in a separate evidence log
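The last option above, a separate evidence log, is easy to keep honest with a small script. The following is an added example, not code from the original page or from Screenata: it names each file in the page's descriptive convention, appends one JSON line per screenshot recording the system, control, URL, user and capture time, and stores a SHA-256 of the image so the file can later be shown to be unaltered. The log format, field names and all sample values (repository URL, user, image bytes) are assumptions constructed for the demo.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path

# What an auditor must be able to answer from the record, plus an integrity hash.
REQUIRED = ("system", "control", "url", "user", "captured_at", "file", "sha256")

def evidence_filename(system, control, scope, captured_at):
    """Descriptive name in the page's convention, e.g. github-branch-protection-main-2026-03.png."""
    return f"{system}-{control}-{scope}-{captured_at:%Y-%m}.png"

def record_evidence(log_path, image_path, *, system, control, url, user, captured_at):
    """Append one JSON line describing a screenshot file; return the record written."""
    image_path = Path(image_path)
    rec = {"system": system, "control": control, "url": url, "user": user,
           "captured_at": captured_at.isoformat(), "file": image_path.name,
           "sha256": hashlib.sha256(image_path.read_bytes()).hexdigest()}
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(rec) + "\n")
    return rec

def missing_fields(rec):
    """Required fields that are absent or empty in a log record."""
    return [k for k in REQUIRED if not rec.get(k)]

def verify_log(log_path, evidence_dir):
    """Re-hash every file named in the log; return the files that are missing or altered."""
    bad = []
    for line in Path(log_path).read_text(encoding="utf-8").splitlines():
        rec = json.loads(line)
        path = Path(evidence_dir) / rec["file"]
        if not path.exists() or hashlib.sha256(path.read_bytes()).hexdigest() != rec["sha256"]:
            bad.append(rec["file"])
    return bad

def demo():
    """Run end to end on a constructed fake PNG in a temp dir; return results for checking."""
    with tempfile.TemporaryDirectory() as tmp:
        when = datetime(2026, 3, 14, 9, 30, tzinfo=timezone.utc)
        name = evidence_filename("github", "branch-protection", "main", when)
        image = Path(tmp) / name
        image.write_bytes(b"\x89PNG\r\n\x1a\n" + b"constructed bytes, not a real screenshot")
        log = Path(tmp) / "evidence-log.jsonl"
        rec = record_evidence(log, image, system="GitHub", control="branch protection on main",
                              url="https://github.com/example-org/example-repo/settings/branches",
                              user="alice (org owner)", captured_at=when)  # constructed values
        clean = verify_log(log, tmp)
        image.write_bytes(b"edited after capture")  # simulate a later modification
        return {"file": name, "missing": missing_fields(rec), "clean": clean,
                "after_tamper": verify_log(log, tmp)}
```

Run `demo()` to see a clean verification followed by the tampered file being flagged; in practice you would call `record_evidence` right after each capture and `verify_log` before handing the evidence folder to the auditor.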
Where Screenata Helps
Screenata automates screenshot-based evidence collection by recording your application workflows with built-in timestamps, user context, and control metadata. Instead of manually navigating to each settings page and capturing screenshots, Screenata generates audit-ready evidence automatically.