Skip to main content
SecurAtlas lets you grant external auditors read-only access to your workspace through the Auditor Portal. Auditors can review your controls, evidence, risk score, and framework readiness without becoming workspace members — and without the ability to change anything. This page explains how to invite an auditor, what they can see, and how to revoke access when the engagement ends.
MSP teams can use auditor access as a lightweight client transparency tool — send a client’s external auditor directly into the workspace view without coordinating a full member onboarding. The auditor accesses only what they need, and you revoke the link once the audit is complete.

What the Auditor Portal provides

The Auditor Portal gives external auditors a read-only view of your SecurAtlas workspace. Auditors can see:
  • All controls and their implementation status
  • Attached evidence files, links, and expiry dates
  • Your current risk score and score history
  • Framework readiness percentages for all selected frameworks
  • Policies and risk data
Auditors cannot make any changes. They cannot update controls, upload evidence, edit settings, manage team members, or access billing information. The Auditor Portal is only visible to workspace Owners and Admins. Members and Viewers do not see this section in Settings.

Invite an external auditor

1

Open the Auditor Portal

Go to Settings in the left navigation and scroll to Auditor Portal at the bottom of the page.
2

Enter the auditor's email address

Type the auditor’s work email address in the input field (for example, auditor@firm.com).
3

Send the invite

Click Send Auditor Invite. SecurAtlas sends an invitation email to the auditor. The invite appears in the Pending Invitations list with the date sent and expiry date.
4

Auditor accepts and accesses the workspace

The auditor clicks the link in their email. If they do not already have a SecurAtlas account, they are prompted to create one. Once they accept, they appear in the Active Auditors list and gain immediate read-only access to your workspace.
The auditor invitation expires if not accepted within the invite window. If the auditor misses the deadline, revoke the pending invite and send a new one.

Pending invitations

All sent auditor invitations that have not yet been accepted appear in the Pending Invitations list. Each entry shows:
  • The auditor’s email address
  • The date the invite was sent
  • The expiry date for the invitation link
To cancel a pending invite before it is accepted, click Revoke next to the invite. The link becomes invalid immediately.

Active auditors

Once an auditor accepts the invitation, they appear in the Active Auditors list. Each entry shows the auditor’s name, email address, and the date access was granted.

Revoke auditor access

You can revoke an auditor’s access at any time — both for pending invitations and for active auditors.
  • Pending invite — Click Revoke in the Pending Invitations list. The invitation link is invalidated immediately.
  • Active auditor — Click Revoke in the Active Auditors list. The auditor loses access to your workspace immediately upon revocation.
Revoke access as soon as the audit engagement ends. Auditor access does not expire automatically once accepted — it remains active until you revoke it.

Next steps

Manage team members

Add internal teammates and assign workspace roles.

Download a compliance report

Export an audit-ready PDF showing your framework readiness and control status.