External Auditor Access

The External Auditor Access feature provides a secure way to grant external auditors controlled access to your quality management system. External auditors authenticate with a verification code and receive time-limited, read-only access to a defined audit scope.

What You Can Do

Verify external auditors using a 6-digit code sent to their email
Define audit scope with specific documents, CAPAs, deviations, and audits
View compliance storyline with timeline of events and risk assessment
Submit audit findings as an external auditor
Access QMS records within the defined scope (read-only)

Access Workflow

The external auditor access process follows four steps:

Step 1: Verification

The external auditor receives a 6-digit verification code via email from the QA team.

Navigate to the External Auditor Access page
Enter the 6-digit verification code
Click Verify Access

Step 2: Scope Review

After successful verification, the auditor reviews the defined audit scope:

Audit Details:

Scope description
Start and end dates
Duration in days

Access Scope — shows the count of accessible items:

Documents
CAPAs
Deviations
Audits

Access Limitations are clearly displayed:

Read-only access to specified documents and CAPAs
Access expires automatically after the audit period
All activities are logged for audit trail purposes
Credentials must not be shared with others

Click Proceed to Storyline to continue.

Step 3: Document Storyline

The storyline provides a comprehensive view of the compliance landscape:

Compliance Summary cards show:

Overall compliance score (percentage)
Total documents count
Total deviations count
Total CAPAs count

Risk Assessment displays:

Risk level badge (High, Medium, or Low)
Identified risk factors

Event Timeline shows the last 10 events chronologically, including:

Document changes
Deviations raised
CAPAs created
Audit events

Each timeline entry shows the event type (with icon), description, and date.

Click Proceed to Access to enter the audit workspace.

Step 4: Audit Workspace

Once access is granted, the auditor can:

View Available Resources:

Documents, Deviations, CAPAs, and Audits within scope
Quick action buttons for each resource type

Manage Findings:

Submit new findings for non-compliances and non-conformities (major and minor)
View existing findings
Review company disputes and provide responses

Access Information:

Session token (partially masked for security)
Expiration period (7 days)
Access level (Read-only)

Security

Key security features:

Feature	Description
Verification code	6-digit numeric code required for initial access
Session token	Unique token generated upon verification
Time-limited access	Sessions expire after 7 days or at the end of the audit period
Scope restriction	Access limited to specifically defined documents, CAPAs, deviations, and audits
Read-only	External auditors cannot modify existing records
Activity logging	All access and actions are recorded in the audit trail

For QA Teams: Setting Up External Access

To grant external auditor access:

Create the audit plan and define the scope
Configure the external auditor access with the appropriate documents, CAPAs, deviations, and audits in scope
Generate a 6-digit verification code
Send the code to the external auditor via their registered email
The auditor uses the code to access the system through the steps above

External Auditor Capabilities

Capability	Available
View scoped documents	Yes
View scoped CAPAs	Yes
View scoped deviations	Yes
View scoped audits	Yes
Submit new findings	Yes
Edit existing findings	No
Modify any records	No
Access out-of-scope items	No

Audit Management — Overall audit lifecycle management
Audit Findings — How findings are recorded and tracked
Dispute Resolution — The dispute process that external auditors may encounter