You must be an organisation Administrator to carry out these actions.

The first action required to grant an auditor or external consultant is to set them up as a user on your

Navigating to the 'Create new user' page:

  1. Scroll over your name and image in the navigation bar

  2. Click 'Organisation settings'

  3. Click 'Users'. This will take you to the registered user's page

  4. Click 'Create new user'. This will take you to the create a new user page

Creating a user for your auditor or external consultant

If you are receiving a stage 1 audit, we recommend that a unique email address is created by the auditor. This is because the same auditor may audit multiple customers, but an email address can only be associated with one user in the entirety of our platform.

  • For the purpose of accessing as a user within your organisation
  • For example, the address might be formatted like this: 
    • your-auditor's-ID-for-your-organisation@your-auditor-domain
  • The auditing organisation can grant multiple individuals access to this email address and user. Meaning that if the designated auditor isn't available - e.g. due to sickness, another auditor within the auditing organisation will be able to access using the same user

From the user creation page, you can then enter the auditor's information, including their First name, Last name, Email address, Organisation and Role on the platform.

We then suggest that you Team in your auditor or external consultant to the Work areas that you would like to grant them access to.

To do this, expand the options below the heading 'Add them to some work areas', and click on the radio button relevant to the Work area that you would like to grant the user access to.

By selecting 'Select all work areas that were set up with your organisation's ISMS', you can automatically grant them access to all areas that were provisioned when your platform was created.

Users can also be added to Work areas after they have been created. See here for a guide on how to An Introduction to Teams Team in users.

Work areas that you might want to give that user access to

If you want to grant an auditor access to your Work areas related to ISO 27001:

  • ISMS Cluster
  • ISO 27001:2013 Policies and Controls Project
  • ISMS Board Group
  • ISMS Communications Group 
  • ISMS Corrective Actions & Improvements Track
  • Information Asset Inventory (ISO 27001) Track
  • Security Incident Management Track
  • Policy Packs Administration (if Policy Packs are used)

If you are subscribed to the GDPR module and an external consultant requires access to your Work areas related to GDPR:

  • GDPR Compliance for ICO - With ISO 27001 Project
  • LIA and DPIA Project
  • Personal Data Inventory & Records Processing Track
  • Subject access Requests Track

If you are subscribed to the ISO 22301 BCMS module and an external consultant requires access to your Work areas related to BCMS:

  • BCMS Cluster
  • ISO 22301:2012 Policies and Controls Project
  • BCMS Incident Response Track
  • Business Impact Assessment (BIA)Track

Note: If you use supplier accounts you may also want to grant the Auditor or external Consultant access to your accounts on You can grant access to all accounts by giving that user the Accounts Overview permission.

Remote consultancy from our Service Delivery & Development team

Our Service Delivery & Development (SDD) team is full of in-house information security experts, each with years of experience, that combine to offer a vast range of specialisations in different standards.

Our information security specialists offer remote health checks, full implementation support wraps and internal audits to help you prepare your ISMS. If you are interested in benefitting from our tailored services, contact our support team via live chat or by emailing

In most cases, an SDD member will only need to be teamed into your main work areas, such as the ISO 27001:2013 Policies and Controls Project. However, in some cases, you may benefit from making a separate user within your organisation. If this situation occurs, please follow the steps listed above.