Customers requesting Auditor Access

Customers can now automatically provision Auditor access using our Audit Module. 

A few benefits include:

• Track new audits
• Select your own audit form
• Auto provision Auditor Access
• Track historical audits
• and more

Audit Partners requesting Auditor Access

Secureframe has created a new Service Provider Dashboard (SPD) specifically for Auditors. This auditor specific instance will make it easier to access client accounts, in a more secure and self-service way, once approved by those customers.

A few benefits include:

• Easily access customer instances - Access all of your customer instances through a single dashboard.
• Manage your client access for your audit teams - Administrators have the ability to grant their audit teams access to approved customer instances based on who is responsible for that client engagement.
• Use Microsoft Office 365 / Google Workspace to access client accounts - Integrate your Office 365 or Google workspace for a more secure way to access approved client accounts

Contact support@secureframe.com if you are an Audit partner with Secureframe and would like access to our new Audit Dashboard Guide here.

Secureframe Audit Readiness

Secureframe offers a free Audit Readiness with all subscriptions and recommend scheduling these before you provide auditor access. Not required, just recommended. 

This services is to ensure that our customers go comfortably and confidently into their audit knowing that they’ve had Secureframe as a trusted resource help review all the necessary tests and evidence with a extra set of eyes.

We check to ensure all integration-, platform-, and upload-based tests are passing with the right type of evidence to avoid any findings or audit issues ahead of time.

If not already, make sure you reach out to your Customer Success Manager or email success@secureframe.com to request a free Audit Readiness call. 

Audit Permissions

Data Access

• Ability to view and export uploaded evidence, automated testing evidence and any other data in the platform

App Access (View/read only and Exports)

• Company settings
• Dashboard
• Tasks 
• Tests
• Controls
• Frameworks
• Personnel
• Asset Inventory
• Policies
• Vulnerabilities
• Integrations
• Vendors
• Vendor access
• Risk management
• Data room
• Questionnaires
• Knowledge base
• Trust Center

Frequently Asked Questions (FAQ)

Should I add auditors myself or can Secureframe do this for me?

• Yes, with our new Audit Module customers can now provision Auditors as they wish. 
• Please also be aware that Secureframe offers Audit Readiness service free of charge, so we recommend that each customer connect with your CSM ahead of time for a practice run on the audit. 

Should I take advantage of the Audit Readiness?

• Yes, we 100% recommend this. It is included in your subscription and it's an opportunity to have someone review evidence, check scoping, and more with plenty of time to fix before the actual audit starts. 

As an auditor, how can we make it easier for our clients to provision our access without going through onboarding, training, and background tasks every single time?

• As an auditor or partner, you can (or we can) set your Auditor/Admin access as non-personnel status. This will still allow you access, but remove you from the need to complete onboard related tasks like Policies, Training and Background checks.

I just added an Auditor to my instance using the CSV upload. Is there anything else I should do?

• We do not recommend adding Auditors via CSM upload, instead we recommend using the Audit Module to provision access.

Does the Auditor role have access to use the tasks system during an Audit?

• Yes, Auditors will have access to use the Secureframe Tasks system to create internal/external tasks for admins before or during an Audit.
• This is commonly used among customers and auditors to ensure action items are completed in platform on specific audit related needs.  
•