External auditors in Hyperproof
Collaborate with your external auditor directly in Hyperproof.
How it works for your organization
Organizations are often hesitant to invite external auditors into their Hyperproof instance for fear of the auditor gaining access to information they do not need. The external auditor role prevents this scenario from happening, as they can only perform limited activities relevant to the audits they are members of.
External auditors cannot access any of the typical Hyperproof objects—such as controls, labels, or requirements—only audits they’ve been explicitly added to.
All communication is done via the audit's Activity Feed, where the organization controls what the auditor sees. Furthermore, auditors can only view proof when the organization changes the request status to Submitted to auditor.
Note
If you have SSO enabled and you invite someone to your organization whose email address is not part of your SSO domain, such as external auditors or contractors, they can't log into Hyperproof via the custom URL provided for SSO. These users must log in using the default URL for your Hyperproof instance. Default Hyperproof URLs include:
Hyperproof US: https://hyperproof.app/
Hyperproof EU: https://hyperproof.eu/
Hyperproof Gov: http://hyperproofgov.app/
How it works for auditors
When the auditor accepts the Hyperproof invitation, they can immediately begin collaborating on the audit. Auditors can only view the Proof and Audits tabs, and can only view proof when a request’s status is set to Submitted to auditor.
When a request is in the Submitted to auditor status, the auditor reviews the request and linked proof. They then decide if the request is sufficient or if additional proof is needed. They can then change the request’s status to either Approved or Needs revision.
All communication is done via the audit's Activity Feed, where the organization controls what the auditor sees.