Skip to main content

Information Request List (IRL) in Vanta: Early Access

S
Written by Shannon DeLange
Updated today

Please note: This feature is currently in early access. Please reach out to your CSM to see if you’d be a good fit for testing out the new feature prior to general availability.

What is the Information Request List (IRL)?

Vanta’s Information Request List (IRL) feature helps you manage and respond to auditor requests directly within Vanta. Instead of handling audit preparation through external spreadsheets or long email threads, IRL brings your auditor’s request list into Vanta, streamlining communication, centralizing evidence management, and improving visibility for your team.

Key Benefits

  • Centralize audit request tracking

  • View how requests map to relevant framework controls

  • Collaborate with your team and auditors through comments

  • Show point-in-time documents and tests

  • Mark evidence as ready for internal review or ready for audit

  • Monitor status and deadlines across all requests in one place

How To Get Started

Upload an IRL to Vanta

You or your auditor can upload an information request list directly into Vanta.

  • Navigate to the Audit Hub in Vanta

  • Create a new audit using advanced option: Custom IRL

  • Click Upload Request List

  • Upload a CSV file (each request must be uniquely named and mapped to at least one framework code)

    • Codes are available for download for reference by selecting download Excel Template

  • Vanta will validate the requests and import them into your IRL view.

View and Manage Requests

Once uploaded, each request includes metadata such as:

  • Request name

  • Type

  • Description (if provided)

  • Due date

  • Evidence status

Metadata can be edited only by your auditors. In the future, you will also be able to edit the metadata.

Upload Evidence to a Request

Evidence can be manually uploaded by team members.

Types of evidence supported today:

  • Documents (PDF, Word, etc.)

  • URLs (e.g., links to Google Drive or policies)

  • Observability notes

Uploading Evidence to a Request

  • Click into a request

  • Select + Evidence

  • Upload a file, paste a URL, or enter observability notes

Mark Evidence as Ready for Review or Audit

Once evidence is added, it can be marked for internal or auditor review.

  • Click ready for internal review or ready for audit in the top right of your screen

    • Ready for internal review: For peer/team verification

    • Ready for audit: Shared with the auditor

Comment on Requests

You can comment internally or share with your auditor.

  • Open a request

  • Use the Comments section

  • Select whether your comment is internal or shared with auditor

Understand Evidence Capture Dates

Some requests may specify a capture date, meaning evidence can’t be uploaded until that date.

  • These dates are typically defined by your auditor

  • You’ll see a note on when evidence can be added if the evidence window hasn’t opened yet

What You Can Do Today

  • Upload your auditor’s IRL or have the auditor upload it directly

  • Upload evidence manually, including documents and URLs

  • Mark evidence as ready for internal review or ready for audit

  • Admins can approve evidence for internal or auditor review

  • Auditors can evaluate submitted evidence

  • Add comments for internal collaboration or with the auditor

  • View request details including type, due date, and description

  • Track overall audit readiness and progress

Please Note: Vanta Evidence (automated document linking and collection) is coming soon. For now, all evidence must be uploaded manually.

Information Request List (IRL) Roadmap

(Sep – Oct 2025)

New features planned for release in the coming weeks:

  • View and upload documents that are automatically mapped to controls as evidence

  • See related controls on each request and add new control mappings

  • Assign owners to requests to drive accountability

(Nov – Dec 2025)

The following capabilities are planned for later in 2025:

  • View and upload policies mapped to controls as evidence

  • Search and add all documents and policies in a framework as evidence

  • Email notifications for:

    • Requests marked ready for review

    • Requests with approaching due dates or capture dates

    • Comments added to requests

    • Auditor-flagged requests

  • Ability to filter and sort requests by status, due date, owner, etc.

  • Assign or reassign request owners

Planned for 2026

We are planning additional enhancements to support more advanced workflows:

  • View and upload automated test results as evidence

  • Add version-specific documents or policies as evidence

  • Add a controls page to audit engagements

  • Perform bulk actions across multiple requests

  • Preview evidence files before submission

  • Support multi-framework audits

  • AI-powered control mapping based on auditor criteria

  • AI-powered evidence evaluation

Related Articles
Audit Evidence
Audits Page
How will your Auditor use Vanta?
Vanta GRC Implementation Guide
Audit Preparation: Pre-Observation Touchpoint