Hello! We are excited to partner with you on your compliance journey!
This guide will cover the onboarding section of the Secureframe platform. We highly recommend scheduling your onboarding session with your dedicated Customer Success Manager to discuss any questions you may have upon completing this guide.
Please review our list of preferred audit partners and information on the pen testing process. These are auditors and firms that we have a dedicated relationship with so please let us know if you’d like a warm introduction!
Step 1: Company Details
- Complete all red asterisk (*) fields to save. These are tokens that will be pulled into your policies and allow you to automatically update from a central location.
- If you do not currently have information for a field that is required, the system will accept a placeholder.
- When ready to save - hit Next Step
- What is a security email?
Step 2: Connect Integrations
You must connect all of the integrations below using an admin account.
Business Suite
- Please connect with the highest admin level available for each integration.
- Please accept all prompted permission requests in order to fully complete the integration. Failure to do so will result in an inoperable integration, and remediation will need to be made at the software account level.
Available Integrations:
- Google Workspace
- Office365
Human Resources
- Additional integrations may be made by request. Please reach out to your CSM for more details.
- Some integrations will have up to a 14 day delay in population.
- Click here for more information on HR Integrations
Single Sign On
- This is typically not a requirement for most to complete a cyber security audit.
- We recommend utilizing your Google Workspace or Office365 login wherever possible.
- Click here for more information on SSO
Background Check
- For those sitting within the United States, employees and in-scope contractors will typically be subject to a background check.
- In-scope contractors are generally those who can either 1) push code to production or 2) have access to sensitive data.
- You can take advantage of preferred pricing with Vetty by navigating to the Vetty integration and selecting the link for the API on the integration page.
Cloud Services
- Only production environments or environments with sensitive customer data need to be integrated. Only regions with this data need to be included in the integration.
- For each integration select Connect and follow the steps listed on the integration page.
- Optional settings maximize the utility of the integration, so we recommend you leverage all settings.
Endpoint Security
- An Endpoint Security solution/MDM is not a requirement for most Security Operations to receive a successful audit report - however it is a best practice!
- Click here for more information on Endpoint Security
- Secureframe has a monitoring agent available free of charge to all customers. Read more about it here: What is Secureframe Agent?
Password Manager
- These tools encrypt passwords and are especially critical to protecting data in accounts with shared access.
- Secureframe has a $100 credit available for new 1Password customers
Task Management
- These are typically leveraged to track the following workflows: Onboarding/Offboarding employees, Access changes/modifications, Change Management, and Security Incidents
- Our current integrations only surface roles and access for these tools.
Developer Tools
- You can have multiple developer tools.
- Optional settings maximize the utility of the integration, so we recommend you leverage all settings.
Communication Tools
- We only recommend this integration if you use Slack for day to day operations of your business.
Step 3: Add Personnel
- This page will only be populated once your Business Suite and/or HR tool are integrated.
- If you do not use an HR solution then you can add this information via the Upload CSV route.
- How does the Add Personnel page in company onboarding work?
- What are unlinked accounts?
- How do I categorize employees?
Step 4: Create Policies
- These policies are written generically and broadly to apply to all organizations.
- Select the three dots on the right to click on Edit or click directly into the policies.
- To prevent a control failure, we recommend you reach out to your Customer Success Manager to discuss any significant policy changes. We may recommend that you speak with our dedicated compliance team to explore any potential impact on your audit.
- Click here for more information on Secureframe’s Policy Builder
Step 5: Add Vendors
- Please use the search bar to complete your vendor list.
Here are some helpful articles to learn more about vendors in the audit readiness process.
Step 6: Personnel Settings
Roles
Secureframe utilizes Role Based Access Control to manage access. Here you can see the permissions each of the roles have within Secureframe. Only a Super Admin has the ability to edit or create roles and assign roles to Secureframe users.
- To create additional roles use the Create Role button.
- Not every employee needs to have a role assigned to them.
- Your CSM is happy to walk you through this feature on your onboarding call.
Manage Team
- We recommend that your Security Team consist of any personnel who participate in your company's security operations and who will be an admin on the Secureframe platform.
- Information Security Manager is a designation required by an organizational management control within Secureframe.
- If you have a Board of Directors (not required) you can add them here. They will not be notified or invited into Secureframe.
Background Checks
- Please add your background check integration if you have not already done so.
Security Training
- Choose from the wide variety of security training partners.
- If you do not have a training program, we highly recommend our free Secureframe training. The free training consists of videos to view and includes a set of security questions. If employees need to step away during the training, their progress will be saved as they go through each lesson.
Customization
General Settings
- We recommend setting Automatic Employee Invites to unchecked until you begin your employees' security onboarding process.
Onboarding for Employees & Contractors
- Select which Onboarding activities you would like your employees to do.
- View Policies and Security Awareness Training will be required.
- Background Checks only collects consent to initiate a background check. It does not automatically initiate the background check.
Step 7: Email Personnel
Feel free to pause here and complete this step after your live Onboarding session.
- Select which employees and contractors you would like to invite to Secureframe for Security Onboarding.
- Select Edit Email Template.
- Update the template with any desired changes.
- Add a subject to the email.
- We recommend selecting Preview prior to sending.
- Once all of the above items are completed, select Send Email to onboard your employees.
That’s it! Please bring any questions you may have to your first call!