Secureframe’s Custom Data Platform (CDP) is a companion feature to Custom Automated Tests (CAT) that enables your organization to integrate and automate compliance for systems not covered by native integrations.

While Custom Automated Testing (CAT) focuses on writing custom tests for existing integrations, CDP empowers you to bring in data from bespoke systems, legacy tools, on-premise systems, or other unique environments — all while maintaining full automation and control.

CDP allows you to ingest, map, and test compliance-related resources such as:

• Personnel/user accounts
• Devices
• Training records
• Cloud resources

All other ingested resource types will be shown as Custom.

👉 View our API documentation to get started.

Create a custom integration 

From the custom tab on the Integrations page, click “Create custom integration” then enter details. 

Getting Data Into Secureframe

You can send data to Secureframe in two ways:

• API ingestion: Send structured JSON payloads using our public API.

• CSV upload: Upload CSV files from the custom integration or schema pages directly in the platform.

There’s no need for transformation — Secureframe will automatically infer the appropriate source and target fields, as long as the data is structured in valid JSON.

If no schema for the integration exists or if you are sending data for a new resource type, you must define one by refining source and target fields for each resource type. Schemas are used to organize different types of data within your custom integration. You can either map data to an existing Secureframe model or create a custom one. In either scenario, you can include custom fields that don’t map to Secureframe’s normalized fields. Schemas can be edited at any time. 

To send additional data to a defined schema via API, you can create an API request using the schema’s slug name and the integration’s connection ID, or upload another CSV file. 

Please be sure to follow a consistent format when uploading subsequent CSV files as changes in naming conventions may create new field types that may not consolidate. 

Request logs

The Request logs tab keeps a record of batches of data processed or pushed through the API. Each API request appears here. 

Error messages

Error messages will indicate cases where there are missing fields, invalid field values or invalid mappings. You will have an opportunity to either address these errors or acknowledge them. Acknowledged errors can be unacknowledged. 

View & Test resources

You can view resources under each schema (e.g., training records). Certain types also become normalized in the platform as follows: 

• User accounts in the Personnel tab
• Training records (Schema’s resources, can tie to test evidence via CAT)
• Cloud resources in the Asset inventory tab
• Custom in the Asset inventory tab
• Devices in the Asset inventory tab

Test resources

You can write custom automated tests to monitor any attribute of data sent through your custom integration. You can view associated tests as well as associated evidence in your custom integration’s Testing tab. 

Read more on how to create a custom automated test here. 

Benefits

With CDP, you can unlock a range of benefits, including:

• Tailoring compliance automation: Using CDP to build custom integrations, organizations can tailor compliance management to their unique data environment. Say a customer has a custom-built user management system. They can use CDP to ingest personnel account data, allowing them to automatically track and test user onboarding and offboarding.
• Ingesting custom asset types: CDP enables organizations to ingest custom asset types from virtually any data source, including legacy systems, proprietary tools, or hybrid environments. For example, a customer can use CDP to track maintenance logs for on-prem equipment along with the rest of their data. 
• Eliminating the need for manual uploads: CDP enables you to automate more of the evidence collection process against resources pulled from your custom integrations, so you don’t have to manually upload that data. For example, a customer can use CDP to ingest computing and network resources from any cloud infrastructure platform, effectively extending Secureframe’s automation coverage.
• Reducing developer resources needed to build custom integrations: Since CDP handles schema inference automatically, customers can simply push raw data, like training records from a third-party training provider, and it will show up in the platform with logical relationships between resource types and custom objects. This means less time and resources will be required from your developers. 

Frequently Asked Questions (FAQ)

I don't see this Custom Integration feature in my Secureframe instance?

• This feature is currently in Early Release for testing purposes while we prepare for final Go Live.
• If you would like access early, please connect with success@secureframe.com for more details.

Is Custom Integration (CDP) feature available to all customers or specific plans?

• No, this feature is available for customers on our Complete Plan. 
• If you are unsure, or have any questions please connect with our Account Management team at accountmanagement@secureframe.com to confirm. 

How is this different from Secureframe's Open API?

• You can only update objects already existing in Secureframe through the API.
• With the Custom Integration (CDP) feature coupled with Secureframe's API, you can create and map custom resources from tools and services that Secureframe doesn't offer a native integration with.