How to add Auditors to my Secureframe Instance

Customers requesting Auditor Access

Should you require assistance in providing auditors with access to your Secureframe instance, our Customer Success team is readily available to assist in the addition of these users on your behalf.

Contact us at the success@secureframe.com and provide the following information so that we can quickly assist with creating those Auditor accounts.

  • First Name
  • Last Name
  • Email Address

Upon successful addition, our team will promptly verify with you, and the designated auditors will be duly notified of their successful inclusion in your instance.

Audit Partners requesting Auditor Access

Secureframe has created a new Service Provider Dashboard (SPD) specifically for Auditors. This auditor specific instance will make it easier to access client accounts, in a more secure and self-service way, once approved by those customers.

A few benefits include:

  • Easily access customer instances - Access all of your customer instances through a single dashboard.
  • Manage your client access for your audit teams - Administrators have the ability to grant their audit teams access to approved customer instances based on who is responsible for that client engagement.
  • Use Microsoft Office 365 / Google Workspace to access client accounts - Integrate your Office 365 or Google workspace for a more secure way to access approved client accounts

Contact support@secureframe.com if you are an Audit partner with Secureframe and would like access to our new Auditor SPD.

Adding Auditors by yourself

If you prefer to add Auditors without Secureframe assistance, you can use the Import Personnel feature using a CSV.

Once those Auditors are in the platform you can apply the "Auditor" access and then invite them to your platform to begin performing the audit. 

Secureframe Audit Readiness

Secureframe offers a free Audit Readiness with all subscriptions and recommend scheduling these before you provide auditor access. Not required, just recommended. 

This services is to ensure that our customers go comfortably and confidently into their audit knowing that they’ve had Secureframe as a trusted resource help review all the necessary tests and evidence with a extra set of eyes.

We check to ensure all integration-, platform-, and upload-based tests are passing with the right type of evidence to avoid any findings or audit issues ahead of time.

If not already, make sure you reach out to your Customer Success Manager or email success@secureframe.com to request a free Audit Readiness call. 

Audit Permissions

  • Data Access
    • Ability to view and export uploaded evidence, automated testing evidence and any other data in the platform
  • App Access (View/read only and Exports)
    • Company settings

    • Dashboard

    • Tests

    • Controls

    • Frameworks

    • Personnel

    • Asset Inventory

    • Policies

    • Vulnerabilities

    • Integrations

    • Vendors

    • Vendor access

    • Risk management

    • Data room

    • Questionnaires

    • Knowledge base

    • Trust Center

Frequently Asked Questions (FAQ)

Should I add auditors myself or can Secureframe do this for me?

  • Secureframe is happy to assist, or you can upload yourself following the instructions above. 
  • The most important question to ask yourself before adding auditors is do I feel ready? We offer Audit Readiness service free of charge, we always great to connect with your CSM ahead of time for a practice run on the audit. 

Should I take advantage of the Audit Readiness?

  • Yes, we 100% recommend this. It is included in your subscription and it's an opportunity to have someone look over your work with time to fix before the actual audit starts. 

As an auditor, how can we make it easier for our clients to provision our access without going through onboarding, training, and background tasks every single time?

  • As an auditor or partner, you can (or we can) set your Auditor/Admin access as non-personnel status. This will still allow you access, but remove you from the need to complete onboard related tasks like Policies, Training and Background checks.

I just added an Auditor to my instance using the CSV upload. Is there anything else I should do?

  • Yes, we recommend you set the access role as an Auditor. Once marked as an Auditor, the personnel will move from the Active tab to the Non-Personnel tab. This will not affect their access to the instance.
  • We also recommend you reach out to the Auditor to ensure they have access and help mitigate any audit delays. 

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.