Audit Partners

A guide for our Secureframe Audit Partners.

Search

How to add Auditors to my Secureframe Instance

Customers requesting Auditor Access

Customers can now automatically provision Auditor access using our Audit Module

A few benefits include:

  • Track new audits
  • Select your own audit form
  • Auto provision Auditor Access
  • Track historical audits
  • and more

Audit Partners requesting Auditor Access

Secureframe has created a new Auditor Partner Console (APC) specifically for Auditors. This auditor specific instance will make it easier to access client accounts, in a more secure and self-service way, once approved by those customers.

A few benefits include:

  • Easily access customer instances - Access all of your customer instances through a single dashboard, once customer consent is provided.
  • Manage your client access for your audit teams - Administrators have the ability to grant their audit teams access to approved customer instances based on who is responsible for that client engagement.
  • Use Microsoft Office 365 / Google Workspace to access client accounts - Integrate your Office 365 or Google workspace for a more secure way to access approved client accounts

Contact support@secureframe.com if you are an Audit partner with Secureframe and would like access to our new Audit Dashboard Guide here.

Secureframe Audit Readiness

Secureframe offers a free Audit Readiness with all subscriptions and recommend scheduling these before you provide auditor access. Not required, just recommended. 

This services is to ensure that our customers go comfortably and confidently into their audit knowing that they’ve had Secureframe as a trusted resource help review all the necessary tests and evidence with a extra set of eyes.

We check to ensure all integration-, platform-, and upload-based tests are passing with the right type of evidence to avoid any findings or audit issues ahead of time.

If not already, make sure you reach out to your Customer Success Manager or email success@secureframe.com to request a free Audit Readiness call. 

Auditor Permissions

Data Access

  • Ability to view and export uploaded evidence, automated testing evidence and any other data in the platform

App Access (View/read only and Exports)

  • Company settings
  • Dashboard
  • Tasks
  • Personnel
  • Asset Inventory
  • Policies
  • Vulnerabilities
  • Integrations
  • Vendors
  • Vendor access
  • Risk management
  • Data room
  • Questionnaires
  • Knowledge base
  • Trust Center

Note: The Tests, Frameworks, and Controls modules are hidden by default for auditors. Auditors are encouraged to use the Audits Module to review evidence and complete their assessment. If an auditor requires access to these modules, a company admin can grant it through the Auditor Access tab within the Audits Module.

Frequently Asked Questions (FAQ)

Should I add auditors myself or can Secureframe do this for me?

  • Yes, with our new Audit Module customers can now provision Auditors as they wish. 
  • Please also be aware that Secureframe offers Audit Readiness service free of charge, so we recommend that each customer connect with your CSM ahead of time for a practice run on the audit. 

Should I take advantage of the Audit Readiness?

  • Yes, we 100% recommend this. It is included in your subscription and it's an opportunity to have someone review evidence, check scoping, and more with plenty of time to fix before the actual audit starts. 

As an auditor, how can we make it easier for our clients to provision our access without going through onboarding, training, and background tasks every single time?

  • As an auditor or partner, you can (or we can) set your Auditor/Admin access as non-personnel status. This will still allow you access, but remove you from the need to complete onboarding-related tasks like Policies, Training, and Background Checks. Once added, auditors will appear under the dedicated Auditors tab on the Personnel page.

I just added an Auditor to my instance using the CSV upload. Is there anything else I should do?

  • We do not recommend adding Auditors via CSV upload, instead we recommend using the Audit Module to provision access.
  • Auditors have their own dashboard, so rather than uploading them manually one by one, to each customer instance, we simply link an approved Auditor instance to a customer instance for a more streamlined approach.

Can tasks be sent out to auditors in Secureframe?

  • Auditors cannot be assigned as the owner of a task in Secureframe. However, if you select “Send Email” as the delivery method when creating a task, you can manually enter the auditor’s email address. This will send a new task notification directly to their inbox.

👉 Note: The auditor will not see the task in-platform under their own account, since they cannot be selected as an owner. The email notification is the only supported delivery method for auditors.

Does the Auditor role have access to use the tasks system during an Audit?

  • Yes, Auditors will have access to use the Secureframe Tasks system to create internal/external tasks for admins before or during an Audit.
  • This is commonly used among customers and auditors to ensure action items are completed in platform on specific audit related needs.  

How do I disable or de-provision an auditor's access?

If the auditor appears in the Non-Personnel section of your Personnel page:

  1. Click the three-dot menu next to the auditor’s account

  2. Select “Mark as contractor” or “Mark as employee”

  3. Go to the Active tab in the Personnel table and search for the auditor

  4. Click into the auditor’s profile > Edit > remove admin access or change their role

  5. Return to the three-dot menu and reclassify the user as an auditor

Note: Only Super Admins can remove access for other users.

If you don’t see the auditor listed in the Non-Personnel section, please contact Support or your Customer Success Manager for assistance.

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.