Is it possible when creating a URL for external third party audits that this is a random string that is generated. Otherwise it is possible for other third parties to access other third party audits by just changing the last number. As I intend to use this more frequently it will increase the chance of third parties trying their luck.
Yep - agreed. I have a list of improvements on my notes for Third Parties:
automatically start and finish audits based on the dates provided
review english on third party audits, findings section
review logic when two auditees need to answer the same question, when can the audit be submitted.
deinfe custom emails for comments, attachments and submissions of forms.
custom roles missing for third party notifications
notification sent when no feedback is provided by the auditees.
put a big warning when deleting third parties, if the object has compliance analysis into it.
when you clone a third party audit, you want to be able to edit all fields and reset all answers.
allow auditee to download answered questions on CSV
missing “Status” on third party (Start / Finished)
make a random hash as third party identifier (<- your suggestion)
Time-wise, we plan finishing workflows in the next couple of weeks, then we have some risk improvements (a week or two) and then we plan to do improvements on third party audits.