✅ Feature availability: Duplicating an audit is possible with the Information Request List (IRL) feature, which is available as an upgrade or add-on. Refer to Vanta Plans and Pricing for details.
With the IRL experience, you can duplicate an existing audit to start your next audit cycle without rebuilding your request list, control mappings, and settings from scratch. Duplicating also carries over eligible Vanta evidence from the source audit, to give you a jump start on evidence collection. This is especially useful for recurring audits where your auditor and framework stay the same year over year.
⚙️ User permissions: Admins and Editors can duplicate audits from the Audits page. Learn more: User Permissions by Product Area
Duplicating an audit
You can duplicate an existing audit to start your next audit cycle without rebuilding it from scratch. Some audit settings can't be edited during duplication.
To duplicate an audit:
Go to the Audits page.
From the top of the page, click Add audit and select Duplicate from prior audit.
From the ••• menu next to the audit, select Duplicate audit.
Edit the Audit name.
Review the Audit firm and Auditors.
The audit firm and auditors carry over from the source audit—update them as needed.
If an audit firm is selected, you need to select at least one auditor to successfully create the audit.
If you're not ready to involve an auditor yet, leave the audit firm blank and assign it later.
Select the dates for your Audit window and Early access to data.
Review your audit settings, then click Create audit.
💡 Tip: If you're not ready to involve your auditor yet, just leave the audit firm blank—you can assign the audit firm and add or remove auditors after audit creation. However, the audit firm can't be changed after it’s been assigned. Learn more: Creating an Audit
Audit settings
The following audit settings apply to a duplicated audit and carry over from the source audit. Some can be edited during duplication, some only after the audit is created, and some can't be edited.
Setting | How to edit when duplicating |
Framework or segment | Can't be edited |
Audit name | Can be edited during duplication flow and after audit creation |
Audit type | Can't be edited |
Audit firm | Can be edited during duplication flow and after audit creation (only if no audit firm was selected during duplication flow) |
Auditor | Can be edited during duplication flow and after audit creation |
Request list | Can't be edited (refers to the type of request list, default vs IRL) |
Auditor view | Can't be edited |
Owner permissions | Can be edited after audit creation |
Audit window or audit date | Can be edited during duplication flow and after audit creation (before the audit starts) |
Early access to data | Can be edited during duplication flow and after audit creation (before the early access date) |
📖 Learn more: Review Creating an Audit for more details on each setting.
Reviewing the audit
After you duplicate an audit, each request starts in one of two statuses depending on whether Vanta evidence could be automatically added. Manually uploaded evidence, links, and observation notes aren't carried over.
From the Requests tab:
Internal review: Vanta evidence was added to the request. You should review the evidence for accuracy before sharing it with your auditor—duplication adds the latest available version, not necessarily the exact file, policy language, or test output used in the source request.
Not ready: No Vanta evidence was found in the source request. You need to add evidence to the request. This is likely because you manually uploaded documents or added URLs as evidence in the source request.
From within an individual request:
If Vanta evidence added to the request shows test evidence as Failed to add, the evidence didn't generate successfully. Remove and add the evidence to the request again.
From the Activity tab, open the source request to see what evidence was used previously.
Evidence capture dates and due dates can be modified in the request metadata at the top of the request.
📖 Learn more: After you duplicate an audit, review the Requests, Controls, and Data & populations tabs before sharing with your auditor. For details, see Managing an Information Request List (IRL).

