TrustRadius: an HG Insights company

Secureframe

Score9 out of 10

8 Reviews and Ratings

What is Secureframe?

Secureframe is a business software product that streamlines the SOC 2 and ISO 27001 compliance process for companies. It aims to help businesses get compliant quickly, monitoring up to 40 services such as AWS, GCP, and Azure. The software also automates HIPAA compliance monitoring across approximately 100 services while collecting audit evidence, managing vendors and business associates, providing training solutions, among other functionalities.

Read more details.

Videos

Who Buys & Uses Secureframe

Continuous Improvement and Responsive

Use Cases and Deployment Scope

We use Secureframe to track, document, confirm, and complete our audits and third-party attestations for SOC 2, ISO 9001, ISO 27001, and GDPR. We also use it to track our vendor management, document our risk, help track ID and access change management, etc.

The integrations Secureframe has also allow us to verify the data we receive from other monitoring tools when it comes to baseline configurations, track vulnerabilities, policy management and acknowledgement, training, and background checks.

Pros

  • Gives us an accurate overview of our continuous compliance status.
  • Tracks and streamlines our external audits while controlling auditor access.
  • Continuous updates. Their product is always evolving, enriching the features and test controls. Their continuous improvements help us increase our control maturity and security stance.

Cons

  • I would like to see a module for tracking internal audits.
  • Allow clients to customize certain evidence logging to account for representative samples when it comes to the test cadence.

Return on Investment

  • I can't give hard numbers but I can tell you that I introduced Secureframe to this organization and the time, efforts, and stress it has reduced for the team is immeasurable compared to how they were preparing for audits prior. The department now has time to serve our internal stakeholders with customer assurance documents, etc. rather than continuously preparing for audits.

Usability

Alternatives Considered

Vanta

Secureframe gets the job done

Use Cases and Deployment Scope

We used Secureframe to setup and monitor and support audits for our compliance and policies for SOC 2

Pros

  • Easy to use interface
  • Great documentation
  • Routine compliance testing

Cons

  • Minor/moderate bugs over the years and slow to fix/resolve
  • Less integrations than competitors
  • New features are generally always behind new pay walls vs inclusive with already expensive annual price

Return on Investment

  • Made first time and contiuining SOC 2 audits rather smooth

Usability

Alternatives Considered

Drata and Vanta

Other Software Used

CockroachDB, SonarQube, Atlassian Jira