Is it possible when creating a URL for external third party audits that this is a random string that is generated. Otherwise it is possible for other third parties to access other third party audits by just changing the last number. As I intend to use this more frequently it will increase the chance of third parties trying their luck.
Yep - agreed. I have a list of improvements on my notes for Third Parties:
- automatically start and finish audits based on the dates provided
- review english on third party audits, findings section
- review logic when two auditees need to answer the same question, when can the audit be submitted.
- deinfe custom emails for comments, attachments and submissions of forms.
- custom roles missing for third party notifications
- notification sent when no feedback is provided by the auditees.
- put a big warning when deleting third parties, if the object has compliance analysis into it.
- when you clone a third party audit, you want to be able to edit all fields and reset all answers.
- allow auditee to download answered questions on CSV
- missing “Status” on third party (Start / Finished)
make a random hash as third party identifier (<- your suggestion)
Time-wise, we plan finishing workflows in the next couple of weeks, then we have some risk improvements (a week or two) and then we plan to do improvements on third party audits.