Duplicate an IRL audit
Duplicates an existing IRL audit into a new audit engagement with the supplied displayName, audit dates, early access date, and auditor roster. Company, audit type, and framework are copied from the source audit and cannot be changed.
Each email in allowAuditorEmails must match an active user in the
authenticated audit firm’s domain. Provision auditors via POST /auditors
before referencing them here, or copy emails from GET /audits/{sourceAuditId}
→ allowAuditorEmails when duplicating with the same roster.
Information requests are copied from the source audit. After duplication:
-
Requests with Vanta evidence will be pre-filled and marked as internal review.
Review them before sharing with your customer.
-
Requests where evidence was not available or was uploaded externally will need
evidence added manually.
-
Evidence capture dates and due dates can be modified after duplication.
Rate limit: 10 requests / minute.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
Request body for duplicating an IRL audit into a new audit engagement.
ID of the source IRL audit to duplicate.
Display name for the new audit engagement.
Start of the audit window for the new audit.
End of the audit window for the new audit.
When auditors gain access to the new audit.
Emails of auditors who may access the new audit. Minimum one entry required. Each email must match an active user in the authenticated audit firm's domain.
Response
Ok
The unique identifier for the audit.
The domain name of the customer organization being audited (e.g. vanta.com)
The human readable name of the customer organization being audited (e.g. Vanta)
The uuid of the customer organization being audited
The start of the audit window. This is also when data collection for audit starts.
The end of the audit window.
Timestamp at which auditors gain access to the audit. Occurs before the audit window begins
The name of the framework for the audit
The display name for the audit. Returns the custom audit name if set, otherwise returns the framework name.
Emails of auditors with access to audit
Set to true if all auditors in audit firm have access
Timestamp when the audit was deleted
Timestamp when the audit was created
Timestamp when the audit was updated
Timestamp when the audit was marked completed, and report was uploaded
Audit focus determines if the audit is internal or external facing
EXTERNAL, INTERNAL Metadata about the auditor request list. This field is only present for IRL (Information Request List) based audits and will be undefined for standard audits. Use the presence of this field to differentiate between IRL and non-IRL audits.