Skip to main content

Create and add auditors to an audit

Use this article to create an audit, add auditors, and resolve common reasons an auditor may not have access in Drata.

⚠️ Select your experience

The steps to create and add auditors to an audit depend on your interface version. Select a link to skip to the instructions for your version.

Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.

Instructions for the New Experience ⬇️

An audit in Drata is how you share your compliance data, evidence, and controls with an auditor in a structured, time-bound way.

Creating an audit defines:

  • What is being audited (framework and audit type)

  • When it's being reviewed (audit period)

  • Who can access it (assigned auditors)

If these are set up incorrectly, auditors may not see the expected evidence or requests, or may be unable to work in the audit as intended.

Prerequisites

  • The auditor must use a work email address

  • The auditor must exist on the Auditor list

  • The audit period must be set to a valid date range

Add an auditor

Adding an auditor to the Auditors tab creates their profile in the system, but it does not automatically grant them access to your audits. They must be manually assigned to a specific audit to begin their review.

Step-by-Step Instructions

  1. Navigate to Compliance > Audits in the main sidebar.

  2. Select the Auditors tab at the top of the page.

  3. Click the + Add auditor button.

  4. Enter the auditor's name and contact information.

  5. Enter the access levels for the auditor:

    • Read Only: Allows the auditor to view evidence and controls without making changes.

    • Read Only with Downloads: Allows the auditor to view evidence and export/download files.

If an auditor was added in error or is no longer part of your compliance ecosystem, you can delete the auditor directly from the Auditors tab.

Create an audit

  1. Go to Compliance > Audits.

  2. Select Create Audit.

  3. Choose how you want to conduct the audit.

  4. Enter the audit details, including Framework and Audit period.

  5. Add auditors by selecting existing auditors from the dropdown or adding new auditors.

  6. Save the audit.

Add or update auditors on an existing audit

  1. Go to Compliance > Audits.

  2. Open the audit.

  3. In Assigned auditors, select the edit icon.

  4. Add or remove auditors as needed.

  5. Confirm your changes. Assigned auditors receive an email invitation to access the audit.

Instructions for the Classic Experience ⬇️

This article explains why your auditor may not have access to your audit in Drata and outlines the steps to resolve the issue.

Create your audit

First, ensure that an audit is created in Drata and your auditor is added to it.

The defined activation window and eligibility criteria, such as being part of the active auditor list, also influence access to the audit.

  1. Navigate to your Audit Hub tab and select Create Audit.

  2. You will be prompted to select how you would like to conduct this audit, enter your audit details such as the Framework and Audit period, and add new auditors or select auditors from the dropdown menu.

Add or update auditors to a created Audit

  1. Navigate to Audit Hub and select Open Audit to access more details about the audit.

  2. Select the edit icon under Assigned auditors.

  3. Add the desired auditors.

  4. Confirm your decisions. The assigned auditors will receive an email invite to access the audit.

Always verify the audit cycle dates to ensure you are within the active period and confirm that you are added to the current auditor list.

Related Articles
How audit date ranges and evidence sampling affect auditor access
Using the Drata Audit Portal (New Experience)
Audits page overview (New Experience)
Internal audits in Audit Hub (New Experience)
What auditors can see in Audit Hub
Did this answer your question?