Auditor Access
Give auditors exactly what they need. Nothing more.
Time-limited, OTP-verified portals that give external auditors scoped read-only access to the evidence that matters — without creating accounts, oversharing data, or losing track of who saw what.
What it does
Secure access. Zero friction.
OTP email verification
Auditors receive a 6-digit one-time passcode by email. No account, no password, no onboarding — they click a link, enter the code, and they're in. Access granted in under 60 seconds.
Time-limited access
Every portal session has a defined expiry — set it to hours, days, or weeks. When it expires, the link dies. No manual cleanup, no forgotten open sessions.
Scoped read-only access
Auditors see only the evidence you've chosen to share — specific controls, specific files. Your full risk register, internal notes, and other tenant data are never visible.
Instant revocation
Cancel an auditor's access in one click at any time — mid-session if necessary. The token is invalidated immediately. No waiting for expiry.
Full audit logging
Every view, every download, every action inside the portal is logged with the auditor's identity and a timestamp. When your ISO 27001 auditor asks 'who accessed this?' — you have a complete, timestamped answer.
Comment-only interactions
Auditors can leave comments against evidence or controls — ask for clarification, flag a concern, or confirm a finding. They can't edit, delete, or move anything.
How it works
Create. Share. Control.
Create the portal
Select which controls and evidence files to share. Set an expiry date. Enter the auditor's email address. Click 'Send portal link' — they receive a secure link and a 6-digit OTP in under 60 seconds.
Auditor verifies and reviews
The auditor clicks the link, enters their OTP, and lands in a clean read-only view of exactly what you've shared. They can view evidence, download files, and leave comments. SHA-256 integrity badges confirm no file has been altered since upload.
Track, respond, revoke
Monitor who has accessed the portal and when. Reply to auditor comments from within RiskGuard. When the audit is complete — or if anything seems off — revoke access instantly. The full log is retained for your own records.
Built to the same standard as the best
The access model your ISO 27001 auditor expects to see.
SOC 2 CC6.1 requires access to be granted on a least-privilege basis and revoked promptly when no longer needed. The RiskGuard auditor portal satisfies this by design — scoped access, time-limited tokens, and one-click revocation. No manual cleanup. No open access that outlasts the audit.
GDPR Article 32 requires appropriate technical measures to protect personal data. OTP verification, token expiry, and row-level security are those measures — built in, not bolted on.
Works seamlessly with
The rest of your compliance workflow
Evidence Locker
The portal shares evidence from your locker directly. SHA-256 integrity badges tell auditors every file is exactly as uploaded — tamper-evident at the point of sharing.
Controls Library
Share specific controls with their linked evidence in one scoped view. Auditors see the control, the evidence, and the compliance result — nothing outside the scope you defined.
PDF Audit Reports
Send auditors a PDF summary before or after the portal session. Full compliance posture, control coverage, and findings — in a format they can keep and file.
Ready to get audit-ready?
Book a 30-minute demo and see how RiskGuard can get your startup compliant — without the consultant fees.