We're constantly working to make compliance even easier. Check out a quick summary of our recent launches, or see full details at our Product Updates page.

User Access Reviews (GA)

User Access Reviews (UAR) are now generally available for Secureframe Comply Complete customers, giving organizations a structured, audit-ready way to review and manage user access across their applications.

With UAR, teams can schedule recurring or one-time reviews, evaluate user access at the application level, and document decisions to approve, revoke, or follow up. Bulk actions make it easy to manage reviews at scale, while CSV uploads ensure coverage for applications without native integrations. A centralized summary view and exportable data help teams track progress and generate audit-ready evidence with ease.

This release brings a critical compliance workflow into Secureframe, helping organizations reduce access risk and meet requirements across frameworks like SOC 2, ISO 27001, and CMMC.

Enhanced Risk Management experience in ComplyAI

The ComplyAI workflow now clearly guides users to complete required fields like risk description and owner before generating AI-powered recommendations. Once those fields are completed, the interface updates to highlight the next step, helping users move seamlessly through the process.

This update improves usability and reinforces a more guided, AI-first workflow for managing risk assessments.

Auditors now have a dedicated view

We've introduced a dedicated Auditors view within Personnel, designed to better reflect how auditors interact with the platform.

By separating auditors into their own tab, Secureframe can provide a more tailored experience aligned to their role and responsibilities.

Automatic invite flexibility for personnel

Admins now have more flexibility when inviting users into Secureframe. You can choose whether to automatically invite users without a start date, allowing onboarding workflows to better match your organization's processes.

This update makes it easier to accommodate different onboarding timelines while maintaining control over when users receive access.

Smart user mentions in comments

Secureframe now supports Smart User Mentions, enabling customers and auditors to tag each other directly in comments across the platform.

When a user is mentioned using "@", they receive an email notification containing the full comment and a link back to Secureframe. In the Audit Module, links take users directly to the exact test and comment location, ensuring conversations stay tied to the specific requirement under review.

Smart Mentions strengthen collaboration by keeping discussions centralized within Secureframe rather than in external tools. While especially impactful for audits, this functionality is extensible across the platform for internal alignment on risks, evidence, and vendor workflows, keeping discussions centralized and reducing the need for follow-up in Slack or email.

Audit completion workflow

We've introduced a structured Audit Completion Workflow to support the final stages of an audit directly within Secureframe.

Auditors and admins can now upload multiple reports within a dedicated completion modal, allowing draft reports, revisions, and final versions to be tracked in one place. A built-in comments section with smart @mentions keeps report-related feedback centralized in the platform.

Admins can mark when the final report has been received using a dedicated toggle. Once confirmed, either party can mark the audit as complete. This structured flow ensures the audit lifecycle is fully captured and documented in Secureframe from start to finish.

Employee onboarding in French, German, and Spanish

Employee onboarding workflows, including policy acknowledgments and training steps, are now available in French, German, and Spanish. This update makes onboarding more accessible for global teams while maintaining consistency in compliance workflows.

Integration enhancements: Azure, Microsoft Sentinel, Datadog, and ServiceNow

We've rolled out several enhancements across key integrations to improve data coverage, reliability, and compliance visibility.

Our Azure integration now pulls in user data, expanding visibility in the Access tab and strengthening identity-based compliance testing. We've also added support for the government version of Microsoft Sentinel, extending SIEM coverage for customers operating in regulated and public sector environments.

In addition, we've improved our Datadog integration to enhance monitoring and logging validation, and updated our ServiceNow integration to improve syncing reliability and alignment between ticketing workflows and compliance evidence collection.

Together, these updates strengthen Secureframe's ability to automate evidence collection and maintain continuous compliance across critical systems.

New statuses in Audit Module

We've introduced new test statuses in the Audit Module to support clearer communication between auditors and admins.

• Met replaces Accepted to better reflect how requirements are satisfied, especially for federal standards like CMMC.
• A new Not Met status clearly indicates when a requirement hasn't been fulfilled.
• In Review lets auditors signal when a test is actively being evaluated, improving visibility for admins and supporting multi-auditor workflows.

These updates provide greater transparency throughout the audit process and help both sides stay aligned.

Updated audit progress bar

The Audit Module's progress bar now focuses on what matters most: how close you are to meeting all requirements. The bar now tracks progress toward 100% Met, making it easier to understand how prepared you are at a glance.

Improved audit log visibility

We've made subtle but important updates to the Audit Log to help users better understand and navigate changes during an audit. New links allow users to jump directly to changed items from the log table, providing clearer visibility into what's been updated and when. These improvements make the audit experience more transparent and navigable for admins and auditors alike.

Progressive auditor search

We've enhanced how audit firms are linked in the platform. Secureframe now uses progressive search: users type the firm's name, and we search across all audit firms with an Auditor Partner Console (APC).

This makes it easier to connect with your existing auditor and supports a more flexible self-service experience.

Looking for 2025 Updates?

Check out our full summary of 2025 product updates here:
👉 2025 Product & Feature Updates – Secureframe