Question - Vendor Assessments used for internal audit of vendor reports

We want to use the Vendor Assessments feature to evaluate compliance reports (such as SOC2) from our third party data center. Is there a way to do this that doesn’t require an additional logon? When we receive these, the IT Director is the Auditor, and I as the IT Security analyst, review the report and submit my findings, making me the “auditee”. So when I click on the portal to fill out the questionnaire, I have to log in again despite already being logged in to my account.

I’m a bit lost but i’ll try to share the facts on how it works :slight_smile:

The “auditor” (if i understand that is some Director in your organisation) interest is to send va’s that the “auditee” must answer (if i understand that is you).

Both roles on any VA can have more than one account (it does not seem to be your case) and that account must have access to the portal (system / settings / user management).

To answer (the auditee would do this) or review questions (the auditor would do this) both must login to the portal specific url generated for this VA and that requires a login (never tried to re-use a session from the other portal but they are different sessions keys and so is very likely you will need to login again)