Skip to main content

Information Request List (IRL) in Vanta: Public Preview

S
Written by Shannon DeLange
Updated over 2 weeks ago

Feature availability: Vanta’s Information Request List (IRL) feature is currently in public preview.

What is the Information Request List (IRL)?

Vanta’s Information Request List (IRL) feature helps you manage and respond to auditor requests directly within Vanta. Instead of handling audit preparation through external spreadsheets or long email threads, IRL brings your auditor’s request list into Vanta, streamlining communication, centralizing evidence management, and improving visibility for your team.

Key Benefits

  • Centralize audit request tracking

  • View how requests map to relevant framework controls

  • Collaborate with your team and auditors through comments

  • Show point-in-time documents and tests

  • Use AI evidence evaluation to proactively flag gaps against auditor requests

  • Mark evidence as ready for internal review or ready for audit

  • Monitor status and deadlines across all requests in one place

  • Auditors can use the API to work out of their tool of choice, as needed

How To Get Started

Upload an IRL to Vanta

You or your auditor can upload an information request list directly into Vanta.

  • Navigate to the Audit page in Vanta.

  • Create a new audit using advanced option: Custom IRL

    • Note: when you create an IRL audit, it will default to including controlled audit views to help auditors select their samples.

  • Click Upload Request List.

  • Upload a CSV file (each request must have a unique ID and can be mapped to framework codes prior to upload or else added after upload).

    • Codes are available for download for reference by selecting download Excel Template.

  • Vanta will validate the requests and import them into your IRL view.

Control Mappings

  • You can view the controls mapped a request by selecting the request, followed by the Controls tab

  • From here you can see controls that have been mapped, or

  • Manually map controls by selecting the + icon

View and Manage Requests

Once uploaded, each request includes metadata such as:

  • Request name

  • Type

  • Description (if provided)

  • Due date

  • Evidence capture date

  • Evidence status

  • Cadence

  • Owner

Currently, metadata can only be edited only by your auditors. In the future, edit permissions are role-based to preserve the integrity of the auditor’s request list.

Auditor-only edits

Only auditors can:

  • Edit the request name or description

  • Change status from Audit Ready to Flagged or Approved

  • Add or delete requests

If any of these changes are needed, they should be routed to the auditor.

Customer-only edits

Customers can:

  • Assign or update the owner

  • Change status from Not Ready to Internal Review or Audit Ready

Shared edits (auditors and customers)

Both auditors and customers can edit:

  • Type

  • Due date

  • Evidence capture date

  • Cadence

Upload Evidence Outside of Vanta to a Request

Evidence can be manually uploaded by team members.

Types of evidence supported today

  • Documents (PDF, Word, etc.)

  • URLs (e.g., links to Google Drive or policies)

  • Observability notes

Uploading Evidence to a Request

  • Click into a request

  • Select + Evidence

  • Upload a file, paste a URL, or enter observability notes

AI Evidence Eval

Vanta will evaluate evidence uploaded from outside of Vanta against the auditor’s specific request and flag gaps. Users can then review the gap including guidance on how to remediate, and fix it prior to submitting the evidence to auditors.

Upload Evidence from Vanta to a Request

Evidence from inside of Vanta can also be mapped to requests including:

  • Automated tests

  • Policies

  • Documents

Vanta will suggest relevant evidence based on the framework code mappings. If framework code mappings aren’t used, you can toggle off the related tab and for any document, policy or automated test run in your framework.

Mark Evidence as Ready for Review or Audit

Once evidence is added, it can be marked for internal or auditor review.

  • Click ready for internal review or ready for audit in the top right of your screen

    • Ready for internal review: For peer/team verification

    • Ready for audit: Shared with the auditor

Notifications

Customers are notified via email in the following instances:

  • When a request is flagged

  • When a request is assigned

  • When a request is coming up to its due date

  • Notified after due date and no evidence

  • Notified when evidence capture date becomes current

  • When auditors share the request list (email)

Note: All comments will be included as part of in-app notifications which can be viewed through the bell icon in-app.

Comment on Requests

You can comment internally or share with your auditor.

  • Open a request

  • Use the Comments section

  • Select whether your comment is internal or shared with auditor

Understand Evidence Capture Dates

Some requests may specify a capture date, meaning evidence can’t be uploaded until that date.

  • These dates are typically defined by your auditor

  • You’ll see a note on when evidence can be added if the evidence window hasn’t opened yet

What You Can Do Today

  • Upload your auditor’s IRL or have the auditor upload it directly

  • Upload outside evidence, including documents and URLs and observation notes

  • Attach Vanta evidence for a given request

  • Mark evidence as ready for internal review or ready for audit

  • Admins can approve evidence for internal or auditor review

  • Auditors can evaluate submitted evidence

  • Add comments for internal collaboration or with the auditor

  • View request details including type, due date, and description

  • Track overall audit readiness and progress

  • View and upload policies mapped to controls as evidence

  • Search and add all documents ,policies and automated tests in a framework as evidence

  • Ability to filter and sort requests by status, due date, owner, etc.

  • Assign or reassign request owners​

  • See controlled audit views in the IRL experience

  • View and upload automated test results as evidence

  • AI-powered evidence evaluation

Information Request List (IRL) Roadmap

Planned for 2026

We are planning additional enhancements to support more advanced workflows:

  • View updated automated test UI in the IRL experience

  • Toggle population pages off in the controlled audit view

  • Add version-specific documents or policies as evidence

  • Add a controls page to audit engagements

  • Perform bulk actions across multiple requests

  • Preview evidence files before submission

  • Admins can enforce audit workflows such as

    • Requiring request owners and editors to put requests into internal review

    • Preventing request owners and editors from commenting directly with the auditor (request owners and editors will be able to see auditor comments)

Related Articles
How will your Auditor use Vanta?
Comments in Vanta
Vanta GRC Implementation Guide
Connecting Vanta & Fieldguide
Vanta & A-SCEND