External Auditor Access

External auditors authenticate with a verification code and receive time-limited, read-only access to a defined audit scope. This page covers the verification workflow, scope review, and the audit workspace.

Verify access

1. Navigate to the External Auditor Access page.
2. Enter the 6-digit verification code received via email from the QA team.
3. Select Verify Access.

Note

Verification codes are numeric only. If you did not receive a code, contact the QA team directly.

Review the audit scope

After successful verification, the scope review screen displays:

1. Review the audit details: scope description, start and end dates, and duration.
2. Review the Access Scope showing the count of accessible Documents, CAPAs, Deviations, and Audits.
3. Review the Access Limitations panel:
   • Read-only access to specified documents and CAPAs.
   • Access expires automatically after the audit period.
   • All activities are logged for audit trail purposes.
   • Credentials must not be shared with others.
4. Select Proceed to Storyline.

Review the compliance storyline

The storyline provides a view of the compliance landscape:

1. Review the Compliance Summary cards: overall compliance score, total documents, total deviations, and total CAPAs.
2. Review the Risk Assessment: risk level badge (High, Medium, or Low) and identified risk factors.
3. Review the Event Timeline showing the last 10 events chronologically, including document changes, deviations raised, CAPAs created, and audit events.
4. Select Proceed to Access to enter the audit workspace.

Use the audit workspace

Once access is granted:

1. View available resources (Documents, Deviations, CAPAs, and Audits) within the defined scope.
2. Use the quick action buttons to navigate to each resource type.
3. Submit new findings for non-compliances and non-conformities.
4. View existing findings.
5. Review company disputes and provide responses.

The workspace also displays:

• Session token (partially masked for security).
• Expiration period (7 days).
• Access level (Read-only).

Security

Caution

All external auditor activities are logged and monitored. The session token must not be shared with anyone outside the authorized audit team.

Feature	Description
Verification code	6-digit numeric code required for initial access.
Session token	Unique token generated upon verification.
Time-limited access	Sessions expire after 7 days or at the end of the audit period.
Scope restriction	Access limited to specifically defined documents, CAPAs, deviations, and audits.
Read-only	External auditors cannot modify existing records.
Activity logging	All access and actions are recorded in the audit trail.

Set up external access (for QA teams)

1. Create the audit plan and define the scope.
2. Configure the external auditor access with the appropriate documents, CAPAs, deviations, and audits in scope.
3. Generate a 6-digit verification code.
4. Send the code to the external auditor via their registered email.

Tip

Define the audit scope as narrowly as possible. Only include the specific documents, CAPAs, deviations, and prior audits that are relevant to the current audit. This follows the principle of least privilege and reduces the risk of unauthorized data exposure.

External auditor capabilities

Capability	Available
View scoped documents	Yes
View scoped CAPAs	Yes
View scoped deviations	Yes
View scoped audits	Yes
Submit new findings	Yes
Edit existing findings	No
Modify any records	No
Access out-of-scope items	No

Practical example: inviting an external auditor for a supplier qualification audit

Scenario: MedDevice Corp is conducting a supplier qualification audit of CleanRoom Components Ltd. The external auditor, Dr. Anna Petrova from CertiQ Auditing Services, needs access to review relevant quality records before the on-site visit.

QA team setup (performed by Sarah Chen, QA Manager)

1. Sarah creates audit plan AUD-2026-010 (“Supplier Qualification Audit — CleanRoom Components Ltd”) with type Supplier.
2. She configures the external auditor access scope:
   • Documents: SOP-SUP-001 (Supplier Qualification Procedure), SOP-SUP-004 (Incoming Inspection), and the last 6 months of incoming inspection reports for CleanRoom Components.
   • CAPAs: CAPA-2025-018 and CAPA-2025-031 (both related to material quality issues from this supplier).
   • Deviations: DEV-2025-042 and DEV-2026-003 (deviations traced to supplied components).
   • Audits: AUD-2025-015 (previous supplier audit of CleanRoom Components).
3. Sarah generates a 6-digit verification code: 847291.
4. She sends the code to Dr. Petrova at a.petrova@certiq-auditing.com with instructions to access the External Auditor Access page.

External auditor workflow (performed by Dr. Anna Petrova)

1. Dr. Petrova navigates to the External Auditor Access page.
2. She enters verification code 847291 and selects Verify Access.
3. On the scope review screen, she confirms the audit details:
   • Scope: Supplier qualification records for CleanRoom Components Ltd
   • Dates: 2026-04-07 to 2026-04-11
   • Access: 8 Documents, 2 CAPAs, 2 Deviations, 1 prior Audit
4. She reviews the access limitations (read-only, time-limited, activity-logged) and selects Proceed to Storyline.
5. On the compliance storyline, she reviews:
   • Compliance score and risk assessment for the supplier relationship
   • Event timeline showing the history of deviations and corrective actions
6. She selects Proceed to Access to enter the audit workspace.
7. In the workspace, she reviews the scoped documents and prior audit findings. She notes a pattern of repeated material certificate discrepancies.
8. She submits a new finding: “Recurring material certificate discrepancies (3 instances in 6 months) suggest inadequate incoming material verification at the supplier’s facility” with severity Major.

Dr. Petrova’s session expires automatically after 7 days. All her activities — document views, finding submissions, and access timestamps — are recorded in the audit trail.

Related topics

• Audit findings
• Dispute resolution