đĄ Still using the classic Drata experience? Refer to Create and add Auditors to your audit for the original UI.
An audit in Drata is how you share your compliance data, evidence, and controls with an auditor in a structured, time-bound way.
Creating an audit defines:
What is being audited (framework and audit type)
When itâs being reviewed (audit period)
Who can access it (assigned auditors)
If these are set up incorrectly, auditors may not see the expected evidence or requests, or may be unable to work in the audit as intended.
Prerequisites
The auditor must use a work email address
The auditor must exist on the Auditor list
The audit period must be set to a valid date range
Add an auditor
Adding an auditor to the Auditors tab creates their profile in the system, but it does not automatically grant them access to your audits. They must be manually assigned to a specific audit to begin their review.
Step-by-Step Instructions
Navigate to Compliance > Audits in the main sidebar.
Select the Auditors tab at the top of the page.
Click the + Add auditor button.
Enter the auditor's name and contact information.
Enter the access levels for the auditor. Once an auditor is added, you have granular control over what they can see and do. You can update these settings at any time:
Read Only: Allows the auditor to view evidence and controls without making changes.
Read Only with Downloads: Allows the auditor to view evidence and export/download files.
If an auditor was added in error or is no longer part of your compliance ecosystem, you can delete the auditor directly from the Auditors tab. Select the auditor and then delete.
Create an audit
Go to Compliance > Audits.
Select Create Audit.
Choose how you want to conduct the audit.
Enter the audit details, including:
Framework
Audit period
Auditors can access an audit only when the audit period has started.
Add auditors by:
Selecting existing auditors from the dropdown, or
Adding new auditors
Save the audit.
âšď¸ What the audit period means
âšď¸ What the audit period means
The audit period defines which evidence is included and which dates auditors can sample, and it affects which requestâlevel downloads are available during that window. It does not control whether an auditor can sign in or open the audit at all.
When creating an audit:
Set the start date to a past date or today
Set the end date based on the audit scope and timeline
If youâre unsure what dates to use, confirm them with your auditor before creating the audit.
Recap:
The audit period defines which evidence is in scope for this audit and which dates auditors can sample from.
Evidence that falls outside this range is not available to the auditor until you extend the period and they reâsample.
If the entire audit period is in the future, auditors can open the audit but wonât see any inâscope evidence yet, and requestâlevel downloads may not return data until dates fall within the period.
Add or update auditors on an existing audit
You can add or update auditors at any time while the audit is active.
Go to Compliance > Audits.
Open the audit.
In Assigned auditors, select the edit icon.
Add or remove auditors as needed.
Confirm your changes.
Result:
Assigned auditors receive an email invitation to access the audit.
Verify auditor access
If an auditor still canât access the audit, confirm the following:
The auditor is assigned to the audit
The audit period is currently active
The auditor appears on the active auditor list
The auditor accepted the email invitation
Always verify audit cycle dates and auditor assignment before troubleshooting further.