Secureframe Reviews

The friendly support staff answered every question I had about the process or what needed to be documented in relation to the SOC2 certification I was looking to achieve. The many integrations removed a lot of work I would need to do in order to verify my cloud environment along with my other venders. They broke down the process into many steps allowing me to do a bit at a time and eventually get audited.

Like i said in the pros section, I enjoyed how they broken down the process into many different steps. Some of those steps were vague and i needed to contact Secureframes support to learn what I needed to do in order to complete the task. Like I said the support staff were great but I think the examples or explanations could have been better so I would not need to chat / email / call the support in the first place.

- I really like how a lot of the tests have steps that show how to pass them.
Although a lot of those procedures get outdated pretty quickly with how fast interfaces change each year, they give a great starting point to figure it out.
- I also like how once a test has its configuration set, you don't have to re-evidence that test each year. So it's kind of set-and-forget, until (if) it falls out of compliance.

- It would be great if each test had its own unique test number. It can be difficult to keep straight which test is which, as they're currently grouped under common control numbers. Take these for example:

NET-05
Security policy alerting
Security solution alerting

VM-02
External vulnerability scanning
Vulnerability and threat tracking

When looking at the titles, which test does what? It's hard to tell, so when I group evidence or keep personal notes, I always have to go back and figure out why the tests are different. In addition, it would make things way easier to reference a specific test number when collaborating with others.

- The test view filters don't stick very well. I kept having to re-save my view filters when logging in, then I just stopped trying.
- It would be helpful if zip files were a default file type for uploading. Not a big deal, but a bit of a nuisance to keep having to enable it.

Very helpful interface, super easy to follow and manage tasks, both as an admin and employer

Initial onboarding can be problematic. Sign up links should be available for 7 days vs. 24 hours as onboarding a new joiner can take longer than a day.

Single repository and pane of glass for all things GRC. In our case we have an urgent imperative to get ISO 27001 Certified by year end. Tremendous value compared to Vanta and Drata. Great onboarding experience and dedicated account manager have made this process so much easier. The interface is logical, easy to navigate, and we were up and running in no time at all. I love how tests are cross-mapped to controls. The tests also rpovide clear guidance and instructions so providing suitable evidence and workarounds has proven quite easy. I also have to say our advisor has been great; she is a GRC professional, an auditor I believe so we are getting first-class consulting for the price of admission. I have learned so much from her, not just about Secureframe but about ISO in general. Secureframe also has numerous conteatcs in terms of audits, pen testing and so forth, so again, everything is provding to be so easy for us. I coudl not imagine meeting this urgent complaince goal without this partnership.

Some of the integrations (Azure, for example) rendered less than great results or could not connect for some reason (probably on MS side). You can bypass these however, by other means, so this is not really a stopper in my view.

Other platorms provide a real-time comparison for other frameworks, even though you have not paid for them. I was told that we can request to see what out status would be at any time, however.

The product is great for managing critical daily items

Learning curve for me. It took a few weeks to learn the lingo.

Customer support team is extremely helpful and responsive. Platform is well designed, great automation features. Easy to use.

Not all integrations prove to be helpful, unclear what setting up an integration will accomplish beforehand. Some operations throw unexplained errors sometimes, but one can generally work around issues and support has been excellent.

Secureframe provides a seamless way to manage and automate compliance processes, saving significant time and effort. The intuitive interface, robust integrations with tools like AWS and Google Workspace, and the clear guidance for SOC 2 and ISO PCI-DSS audits make it invaluable. The ability to continuously monitor systems and simplify evidence collection is a game changer for ensuring audit readiness.

the setup process can feel a bit overwhelming initially without proper guidance, though their support team is helpful. It would also be beneficial to have more customization options for smaller, niche compliance frameworks.

Secureframe is actively developing its platform so missing features are usually on the roadmap

There is a general lack of work management integrations so all work has to be tracked in Secureframe itself. This gives my team multiple sources of truth.

Secureframe was very easy to use and makes ISO compliance understandable

Sometimes it is not obvious how to do something in Secureframe, however I have a contact who is very responsive and helpful with my questions so that hasn't been a major issue.

Easy to implement and excellent customer success management team.

Nothing negative to report. Things have been working out just fine.

Secureframe helped us become SOC ready and was easy to use.

Some of the step by step remedies were a little out dated, but still invaluable.

very easy to use the UI and the flow of info

Some say that Secureframe limits access for non-users, which can impact collaboration

The Soc2 compliance process is smooth withe ease of access and navigation and nice audit tool that got it done in time

Initially It gives you a long list of things to do. There are times when you don’t have to do 100% of those things – you have to hit 90-something. I think their prioritization is good,

They genuinely want to see you succeed. They are always responsive and demonstrate true professionalism. Highly recommend their services and I personally look forward to all of out future interactions.

There was really no downside to my interactions with Secureframe.

Great tool to collect and organize the evidence for audits

needs constant verification of instance running on each system. Maybe automation to automatically register or detect.

Easy to set up, very good customer support and help.

A bit pricey, and did not fully understand how to add new plans.

The guidance provided to resolve issues was thorough and easy to follow

No terraform support for issue resolution

Platform is very easy to use for folks like myself who are not compliance/security experts. Easy to see all data and what needs to be done in one place.

Some workflows are still manual, but the team is working on automation.

Secureframe makes it possible for small shops to finally overcome the daunting task of becoming SOC II Type I and Type II compliant.

The best part about picking Secureframe is you'll get access to their customer support team via Slack and recurring meetings as you prepare for your audit.

I also thought the platform was intuitive, which made it easy to track where you and your team are at any point in the process.

If you're looking for a way to become compliant quickly - look no further!

You occasionally have to provide a screenshot if you have a product that they haven't yet integrated with. However, the platform makes it incredibly easy to upload and track evidence (screenshots). Overall, they provide a great alternative when/if needed.