Secureframe

Secureframe Comply

Learn to automate your infosec compliance and streamline your audit process

By Brady and 1 other2 authors98 articles

AI Capabilities

Overview of AI Capabilities in Secureframe

Asset Inventory

FAQs: Asset and endpoint management: inventory, MDM, and device evidence

Import devices via CSV

Asset Inventory Page Details

Background Checks

FAQs: Background checks: requirements, Secureframe setup, and common scenarios

Background check scope

How to Upload and Match Background Checks

Controls

FAQs: Network and physical security: segmentation, facilities, and evidence

Using the Controls View in Secureframe

Custom Tests from within a Control

Duplicating Controls

Add Custom Controls

Dashboard (Home)

Homepage: Charts, Action Items and Frameworks

Filtering Tables

Filtering in the Secureframe app

Frameworks

FAQs: Frameworks and mappings: controls, tests, and cross-framework views

Framework Resources (SOC, ISO, and more)

Secureframe Framework offering

Scoping Rules and Frameworks

Creating Custom Frameworks

Using the Frameworks Views in Secureframe

Map Framework Requirements and Controls

Mark Framework Requirements and Controls as N/A

Export evidence from Controls and or Frameworks Page

Framework Scoping - Supporting Segregated Accounts

Policy Management

Policy 'Last Published' date: how it works and why it might not update

FAQs: Policies and acknowledgments: templates, mappings, and workflows

Overview of the Policies Page

Linking a published Policy to a Policy Test

How to write an effective Policy

Create and or Edit policies

Policy User Acknowledgement: How to publish and send policies

Assign a policy owner

Archive or Unarchive a policy

Policy Changelog

Personnel "Employee" Onboarding

📓 Master Index: Personnel Trainings and Background Checks

Import personnel via CSV

Employee Onboarding (Full Guide)

Integrate and Initiate background checks (Checkr)

Automatic Personnel Invites

Personnel Management

Out-of-scope personnel: why they may still show task statuses or appear in filters

Email domain filters: what “Included domains” really means (common gotchas)

FAQs: Personnel management: HRIS, onboarding, and common scenarios

Filtering Personnel by Email Domain

📓 Master Index: Personnel Management

Managing Personnel

Understanding personnel statuses & scoping

Personnel profiles- Consolidated

Categorize Personnel - consolidated into Managing Personnel

How to handle Unlinked Accounts

Background check email - merged into another background article

Personnel Groups

Editing & Merging Personnel Records

Managing Domain Changes for Personnel in Secureframe

Access Roles / Role Based User Access (RBAC)

Personnel Compliance Status - consolidated into another article

Risks Management

FAQs: Business continuity and disaster recovery: backups, resilience, and evidence

FAQs: Incident response and risk events: plans, playbooks, and evidence

Enhanced Risk Management Module

Risk Management Module

Risk Register Flexible CSV Uploads

Comply AI for Risks

Tests and Test Guidance

Why a test can show Pass when evidence looks empty (null/false or missing)

FAQs: Evidence and documentation: uploads, attachments, and proof in Secureframe

FAQs: Tests and controls: evidence, frameworks, and troubleshooting

GCP VPC Network and Route Logging Tests

AI Evidence Validation for Upload Test

Upload Test Guidance & Organizational Control

Custom Automated Tests (CAT)

Tests Page Overview: Test Types, Uploading Evidence, Filtering

Custom Upload Tests (CUT)

Understanding Upload Tests: Intervals, Evidence Validity, Due Dates, and Tolerance Windows

Test Activity Dashboard

Comply AI: Cloud Remediation test guidance

Evidence Best Practices

JSON evidence for integration test (AWS, GCP, Azure)

Views and Exports

Training & Policy Acknowledgment Reset

Bulk Reset Policy Acceptances

Reset policy acceptance status for personnel

Reset Security Awareness Training completion status for personnel

Resetting Policy Acceptance When Publishing Policy Changes

User (Vendor) Access Review

User Access Reviews (UAR)

How to Review and Manage Account User Access in Secureframe

Vendor Access Reviews

Vendor Risk Management

FAQs: Vendor risk management: assessments, workflows, and evidence

Vendor Risk Management (VRM) - Full Guide

Third Party Risk Management (TPRM) - Full Guide - replaced by newer version

How to add, edit or view Vendors

How to handle your first Vendor Risk Management review

Using Comply AI in Advanced Vendor Risk Management

Vendor Security Questionnaires and Requests for Information (RFI)

Vulnerability Management

FAQs: Vulnerability management: scanning, remediation, and evidence

Vulnerability Management

External Vulnerability Scanning

Open-source DAST or SAST tools

Workspaces

FAQs: Workspaces, tasks, and in-app workflows: assignments, filters, and notifications

Secureframe Workspaces