Vanta now gives you more control over how auditors interact with your account. These updated permissions help you safeguard key settings by restricting auditors from performing certain high-impact actions. This is especially helpful for administrators who want tighter control over the audit process and platform configuration.
You can now prevent auditors from:
Creating new audits
Adding additional auditors to an audit engagement
Modifying control mappings
These restrictions can be applied individually, giving you flexibility to set boundaries that align with your compliance needs.
Where to Find Auditor Permissions
From the left-hand menu, go to Compliance
Click Settings
Scroll to the "Auditor Actions" section, under "Population data visibility in audits"
Restrict Auditors from Creating New Audits
When this permission is disabled, auditors will no longer be able to add audits for your organization even if you've added them as your auditor.
To disable this option, turn off the setting labeled "Auditors can add new audits".
Once disabled, only customer admins can initiate audits.
Restrict Auditors from Adding Other Auditors
By default, auditors can invite colleagues to an audit engagement. You can now turn this off to prevent changes to your auditor team.
To disable this option, turn off the setting labeled "Auditors can add others to existing engagements".
Auditors will no longer be able to invite additional users.
Please note: The option may still appear in the interface but will be disabled (grayed out) depending on the customer's settings.
Restrict Auditors from Modifying Control Mappings
If you want to keep full control over which Vanta controls are mapped to audit requirements, you can stop auditors from making changes to these mappings.
To disable this option, turn off the setting labeled "Auditors can modify control mappings".
Auditors will still be able to view the mappings but cannot edit them.