Getting Started Checklist
Welcome to Secureframe! 🎉
To help you hit the ground running, we’ve built a step-by-step onboarding checklist directly in the platform, complete with a progress bar to track your completion. This checklist appears on your dashboard and guides you through key tasks like setting up integrations, publishing policies, inviting your team, and more.
You can use this article alongside the checklist for more context on each item and tips for completing your onboarding successfully.
Signing In for the First Time
When your organization signs up with Secureframe, you’ll receive an email invitation to join the platform. Here's how to get started:
- Check your inbox for an invitation email from Secureframe.
- Click the invitation link in the email to create your account.
- Set your password and sign in. You’ll be taken directly into your Secureframe dashboard.
- Start completing onboarding tasks by following the in-platform checklist called "Getting Started," located in the top left corner.
💡 If you can’t find your invitation, check your spam or promotions folder. Still missing? Ask your admin to resend it.
Let’s Start with the Basics
Set the foundation for your compliance journey.
- Finish your company profile: Add your Company Details so we can tailor your compliance program.
- Reminder: Reach out to your CS team for any questions: Our Customer Success team is here to guide you through your setup, questions, or blockers.
Configure Your Integrations
Integrate the systems and tools you use every day. Secureframe will collect evidence automatically from these Integrations.
- Add cloud resources: Connect services like AWS, Azure, or GCP.
- Add devices: Sync endpoint tools like Jamf, Kandji, or CrowdStrike.
- Add your personnel: Pull in users from tools like Okta or your HRIS.
- Reminder: Connect remaining integrations: You'll see alerts if any integrations are incomplete.
💡 Secureframe does not enforce any policies without your approval. Integrations are only used for evidence collection and monitoring.
Kickstart Your Compliance Program
Establish key program elements to build your compliance foundation.
- Add and assess your vendors: Add third parties and conduct vendor risk assessments.
- Add risks to risk register: Begin documenting risks and mitigation steps.
- Reminder: Select auditor: Identify and connect your audit partner, or let us know you’re still deciding.
- Reminder: Schedule penetration test: Plan for a pen test if your audit scope requires one.
- Create recurring review schedules: Automate recurring tasks like vendor reviews or policy refreshes.
Invite Your Personnel
Bring your team into the platform and assign compliance responsibilities.
- Categorize personnel: Define roles such as technical, non-technical, or contractor.
- Mark personnel in or out of scope: Apply framework-specific logic to identify who's included.
- Link unlinked accounts: Match system accounts to real users to avoid audit gaps.
- Create, review, and publish policies: Assign policy ownership and publish them to your team.
- Select background check provider: Choose from supported providers or mark as manually completed.
- Initiate background checks: Start checks through your selected provider.
- Invite personnel: Send invites so users can log in and complete assigned training, policies, and acknowledgments.
Keep Your Account Secure
Implement Secureframe-recommended security best practices.
- Set up single sign-on (SSO): Use SSO with providers like Okta, Google Workspace, or Azure AD.
- Set up device management (MDM): Ensure endpoint visibility and control.
- Set up a password manager: Encourage use of secure tools like 1Password or LastPass.
- Select an Information Security Manager (ISM): Designate someone to lead your compliance program.
In this section, you will connect your security solutions to enhance your security posture. For more information on these integrations, please visit our help center's Integrations section.
If you need assistance with assigning an Information Security Manager, you can find more details here.
Launch Your Trust Center (Optional)
Showcase your compliance posture publicly with a branded Trust Center page.
- Upload your company logo
- Set your company description
- Link your terms of use and privacy policy
- Upload compliance certifications
- Upload requestable compliance documents
- Configure a custom domain (optional)
- Publish your Trust Center
🎯 The Trust Center is an excellent way to proactively share security documents and policies with prospects and customers.
Build Out Your Knowledge Base
If your team answers a lot of security questionnaires, this step is key.
- Upload 100 questions and answers: Preload answers to common security, privacy, and compliance questions. These will be used by Secureframe’s questionnaire automation feature.
Process Your First Security Questionnaire
Leverage Secureframe's automation to save time on vendor security questionnaires.
- Upload and process a questionnaire: Let Secureframe auto-fill based on your Knowledge Base.
- Export your completed questionnaire: Download it in the original format and send it to your customer.
Additional Support
- In-app Live Chat: Available Monday–Friday, 6am–6pm EST
- Contact Customer Success: Email us any time for help with onboarding
- Help Center: Search for how-to articles on specific features
- Secureframe Academy: Free video courses to guide you step-by-step
Summary
You don’t have to complete every item right away — but each task brings you closer to audit readiness and a strong security program. Use the in-platform checklist to track your status, and bookmark this article if you need extra detail on what each task involves.
Let us know how we can help — your compliance journey starts now!