Vanta provides flexible control over the population data that auditors can access during an audit. This feature is particularly useful for security and compliance administrators who want to maintain transparency and control throughout their audit cycle.
Population data refers to the data points collected from your integrations (such as User ID or Database name) that help auditors assess compliance. It provides them with the visibility they need to select accurate and representative samples. Without access to this data, auditors can’t effectively confirm whether your controls are functioning as intended.
You can choose between two auditor views, Full View and Controlled View, based on your preferences for automation, transparency, and control.
Full Auditor View (Default)
The Full View offers auditors access to the entire population dataset and all related attributes. This allows them to self-serve and select samples directly in Vanta without assistance. It’s the fastest and most automated way to complete audits.
Plan Availability: Core, Plus, Growth, and Scale
Controlled Audit View
If you need to limit what auditors can see due to data sensitivity or internal policies, the Controlled View allows you to display only a subset of population attributes. Auditors can still select samples, but you’ll need to fulfill their requests manually, because they won’t have access to all attributes.
Plan Availability: Growth and Scale only
When to Use Each View
Full View: Ideal for speed, efficiency, and automation.
Controlled View: Best when you want to limit exposure due to sensitive or restricted data.
Audit View Comparison by Section
Each section below includes a brief description and a table comparing the features auditors can view in Controlled View versus Full View.
Risk
Risk data helps auditors understand how your company identifies and manages security or operational threats. This information comes from your risk register and includes detailed scenarios and statuses.
If you're using the Controlled View, auditors only see the fields that you've explicitly marked as visible. In the Full View, they see everything, including custom and extended risk data.
Controlled Audit View | Full Audit View |
Risk snapshot fields: | All fields, including: |
Vendors
Vendor data allows auditors to assess the third parties your organization works with, including review schedules and security posture.
The Controlled View limits visibility to active vendors and standard fields. In the Full View, auditors can view a comprehensive history and explore more detailed information.
Controlled Audit View | Full Audit View |
Active vendor fields: | Vendors (active + archived) and security reviews are shown on separate pages. Information is clickable, including: |
Assets
Asset data encompasses a wide range of items, including computers, databases, alarms, vulnerabilities, and more. It helps auditors verify how you monitor and protect your technical infrastructure.
The Controlled View shows only selected inventory and code change attributes. The Full View displays all asset types and fields.
Controlled Audit View | Full Audit View |
Inventory fields: Code changes fields: | Full visibility into: |
Personnel
Auditor access to personnel data lets them verify onboarding, offboarding, group membership, and system access for employees and contractors.
The Controlled View offers a summarized version with static tables. In the Full View, auditors can drill down into tasks, group membership, and access accounts.
Controlled Audit View | Full Audit View |
People: Groups: Account access: Tables are not clickable | Full access, including clickable rows in People and Groups tables that reveal: |
Integrations
Integrations demonstrate how you collect evidence and monitor infrastructure using automated tools.
The Controlled View offers basic metadata. The Full View provides complete insight into integration configuration and status.
Controlled Audit View | Full Audit View |
Connective integration fields: | Full access to: |
Organizations
This section shows your company’s general information and audit notification preferences.
This is the only section that is identical in both Controlled and Full Views.
Controlled Audit View | Full Audit View |
Company info fields: Notifications: | Same as Controlled View |