Secureframe Onboarding Guide

Hello! We are excited to partner with you on your compliance journey!

This guide will cover the onboarding section of the Secureframe platform. We highly recommend scheduling your onboarding session with your dedicated Customer Success Manager to discuss any questions you may have upon completing this guide.

Please review our list of preferred audit partners and information on the pen testing process. These are auditors and firms that we have a dedicated relationship with, so please let us know if you’d like a warm introduction!

Step 1: Company Details

  • Complete all red asterisk (*) fields to save. These are tokens that will be pulled into your policies and allow you to automatically update from a central location.
  • If you do not currently have information for a field that is required, the system will accept a placeholder.
  • When you are ready to save, select Next Step.
  • What is a security email?

Step 2: Connect Integrations

You must connect all of the integrations below using an admin account.

Business Suite

Human Resources

Single Sign On

  • This is typically not a requirement for most organizations to complete a cyber security audit.
  • We recommend utilizing your Google Workspace or Office365 login wherever possible.
  • Click here for more information on SSO

Background Check

  • For those located within the United States, employees and in-scope contractors will typically be subject to a background check.
  • In-scope contractors are generally those who can either 1) push code to production or 2) have access to sensitive data. 
  • You can take advantage of preferred pricing with Vetty by navigating to the Vetty integration and selecting the link for the API on the integration page. 

Cloud Services

  • Only production environments or environments with sensitive customer data need to be integrated. Only regions with this data need to be included in the integration.
  • For each integration select Connect and follow the steps listed on the integration page. 
  • Optional settings maximize the utility of the integration, so we recommend you leverage all settings. 

Endpoint Security

Password Manager

Task Management

  • These are typically leveraged to track the following workflows: Onboarding/Offboarding employees, Access changes/modifications, Change Management, and Security Incidents
  • Our current integrations only surface roles and access for these tools.

Developer Tools

  • You can have multiple developer tools.
  • Optional settings maximize the utility of the integration, so we recommend you leverage all settings. 

Communication Tools

  • We only recommend this integration if you use Slack for day to day operations of your business.

Step 3: Add Personnel

Step 4: Create Policies

  • These policies are written generically and broadly to apply to all organizations.
  • Select the three dots on the right to click on Edit or click directly into the policies.
  • To prevent a control failure, we recommend you reach out to your Customer Success Manager to discuss any significant policy changes. We may recommend that you speak with our dedicated compliance team to explore any potential impact on your audit. 
  • Click here for more information on Secureframe’s Policy Builder

Step 5: Add Vendors

Please use the search bar to complete your vendor list.

Here are some helpful articles to learn more about vendors in the audit readiness process.

Step 6: Personnel Settings

Roles

Secureframe utilizes Role Based Access Control to manage access. Here you can see the permissions each of the roles has within Secureframe. Only a Super Admin has the ability to edit or create roles and assign roles to Secureframe users.

  • To create additional roles use the Create Role button.
  • Not every employee needs to have a role assigned to them.
  • Your CSM is happy to walk you through this feature on your onboarding call.

Manage Team

  • We recommend that your Security Team consist of any personnel who participate in your company's security operations, plus anyone who will be an admin on the Secureframe platform.
  • Information Security Manager is a designation required by an organizational management control within Secureframe.
  • If you have a Board of Directors (not required) you can add them here. They will not be notified or invited into Secureframe.

Background Checks

  • Please add your background check integration if you have not already done so.

Security Training

  • Choose from the wide variety of security training partners.
  • If you do not have a training program, we highly recommend our free Secureframe training. The free training consists of videos to view and includes a set of security questions. If employees need to step away during the training, their progress will be saved as they go through each lesson.

Customization

    • General Settings
      • We recommend setting Automatic Employee Invites to unchecked until you begin your employees' security onboarding process.
    • Onboarding for Employees & Contractors
      • Select which Onboarding activities you would like your employees to do.
      • View Policies and Security Awareness Training will be required.
      • Background Checks only collects consent to initiate a background check. It does not automatically initiate the background check.

Step 7: Email Personnel

Feel free to pause here and complete this step after your live Onboarding session.

  • Select which employees and contractors you would like to invite to Secureframe for Security Onboarding.
  • Select Edit Email Template.
  • Update the template with any desired changes.
  • Add a subject to the email.
  • We recommend selecting Preview prior to sending.
  • Once all of the above items are completed, select Send Email to onboard your employees.

That’s it! Please bring any questions you may have to your first call!
