Secureframe Reviews & Product Details

Secureframe provides the structure and tracking needed to keep our cyber security program current. It provides refresher frequencies for tasks/controls that need regular review and updates. Secureframe also makes the SOC Audit process far easier by organizing things like asset inventories, configuration settings, and evidence of compliance without exchanging evidence requests and system explainations. Review collected by and hosted on G2.com.

I'd love to see recommended frequences associated with tasks. Manually updating tasks is easy and intuitive but it is something I'll occasionally miss and need to go back and correct. Review collected by and hosted on G2.com.

Secureframe helps keep all of your compliance documents in one place where it can be shared with auditors, internal and external personnel. One of the best features I enjoy using is the application integration and what it does once your application is connected to secureframe. Within a few minutes you are able to tell how well your application configurations are set up compared to compliance standards. On top of that there are suggestions on how to become compliant and so much more. The platform is easy to use, especially for personnel training. If an issue arises the support team waste no time to help resolve it. Review collected by and hosted on G2.com.

I would say the only thing I would like see a change in is the initial invitation expiration time for new personnel. I believe this is currently set at 6 hours. Having the option to increase this would help significantly with our current workflow. Review collected by and hosted on G2.com.

The ability to chose from multiple compliance frameworks, and to create your own. We have been able to chose common information security and data protection frameworks to automate our control frameworks such as ISO 27001, GDPR, PCI and DORA, as well as build frameworks applicable to our specific jurisdictions.

We are able to demonstrate to auditors and regulators our commitment to information security compliance, and our ongoing controls, with ease.

The customer support from the Secureframe team has been incredible. Review collected by and hosted on G2.com.

I'd like to see some improvements in the layout and reporting generally, but Secureframe since we implemented it over 2 years ago has undergone constant improvement.

It would also be beneficial to be able to self-serve things like adding auditors - at the moment, your customer success manager must do this. Review collected by and hosted on G2.com.

Our team spent a lot of time looking at tools to help us achieve and manage security compliance before selecting Secureframe. We started with SOC2, and were successful. We are working on ISO 27001, and are looking at HIPAA compliance as well. Secureframe recognizes what we've achieved for each compliance, and the delta in what we'll need to do on top of the policies and activities that we already engage in to adhere to additional compliance standards. It makes it a lot easier to understand what we'll need to do for each without duplicating work. Beyond that, Secureframe does a great job of helping us track our progress and stay on top of ongoing requirements. Review collected by and hosted on G2.com.

Secureframe can connect with various software platforms, like Google and Microsoft. We did notice that there were some hiccups with this, such as if we were on a free version of a software. Overall, the feature set is solid, but it's good to note that you have to be on a compatible plan with some software vendors. Review collected by and hosted on G2.com.

As an IT specialist supporting HR operations at a mid sized company, Secureframe has become essential for managing our SOC 2 compliance requirements. I use the platform daily for monitoring compliance status and weekly during audit preparation cycles, and the clean interface makes frequent use manageable without overwhelming complexity.

The employee portal is exceptionally well designed for HR workflows, our team can easily track mandatory training completions and policy acknowledgments without constant IT intervention, which has reduced my daily support tickets significantly. The visual dashboard with color coded status indicators (red, yellow, green) provides instant visibility into compliance gaps, which is crucial when supporting both customer operations and internal audit processes.

Customer support deserves recognition for their responsiveness during implementation and ongoing guidance. The centralized policy management and task delegation features have streamlined our compliance workflows considerably, and the integrations that work well (particularly with our core HR systems) have automated several previously manual processes. Review collected by and hosted on G2.com.

The initial setup was significantly more complex than anticipated, requiring substantial time investment to configure properly for our HR specific compliance needs. While the support team provided assistance, the onboarding process could be more streamlined for mid sized organizations like ours.

The integration experience has been inconsistent, while some connections work smoothly, others require extensive manual configuration or simply don't deliver the promised automation. Most frustratingly, despite marketing promises of automated evidence collection, we still manually upload the majority of our documentation and screenshots, which defeats one of the platform's primary value propositions.

Reporting functionality lacks flexibility when creating custom compliance reports for executive leadership, often requiring workarounds. Additionally, the automated risk alerts don't always account for the realities of smaller IT teams, occasionally flagging items as high risk that are appropriately managed given our company size and resource constraints. Review collected by and hosted on G2.com.

Secureframe’s best feature is their super easy and intuitive interface that allows users to take advantage of built-in features at no expense to heavy customization which is every user’s dream. In addition to allowing a mix of technology integration and fully customized SOC 2 controls and tests, the software streamlines evidence collection and makes audits much easier to navigate, with a sleek visual dashboard for live progress tracking.

Dedicated customer service support with weekly touchpoint meetings whether customers are actively in an audit or not makes Secureframe my company of choice. Review collected by and hosted on G2.com.

Secureframe lacked some of the RBAC features expected from audit software providers, necessitating workarounds. However, each and every one of our suggestions or feedback made it onto their development roadmap inclusive of more granular access control so I cannot really complain! Review collected by and hosted on G2.com.

Secureframe has significantly reduced the time and effort needed to prepare and share evidence for audits. Its integrations, combined with the ability to store and reference previous years’ screenshots and documentation—automatically indexed and retired when needed—are a game changer. Instead of reinventing the wheel for each audit, we can reference what passed review in the past, making SOC 2 and PCI compliance work far less stressful. The built-in best-practice templates for policies and addendums also make it easy to stay aligned when audit frameworks are updated. Review collected by and hosted on G2.com.

The onboarding process was challenging, though the Secureframe team provided excellent guidance throughout. One feature I’d like to see is the ability to tag AWS assets as “out of scope” directly in the platform—something AWS Security Hub also lacks. This would help automate some manual steps we still perform today. Review collected by and hosted on G2.com.

The customer support from Secureframe was excellent. Since this was our team's first time undergoing a SOC 2 audit, we had many questions about how to implement various controls. However, our support representative was very knowledgeable and patient, guiding us through the process.

Another great aspect of Secureframe is the price. Compared to many other compliance software solutions, Secureframe is quite affordable, especially for smaller businesses. Despite its lower cost, the platform is comprehensive and offers many of the core features found in more expensive competitors. Review collected by and hosted on G2.com.

It felt like the Secureframe device monitoring agent could be a bit finicky at times. We had trouble installing it on some of our employees' devices, and it could take a while for the devices to show up in the Secureframe dashboard. Also, there could sometimes be a bit of lag when syncing information from external systems into Secureframe. Review collected by and hosted on G2.com.

SecureFrame has been extremely valuable to our organization. Their customer service is top tier and have helped us through a lot of issues as well as explaining things we had questions on. If they did not have the answer at the time, they would go research and get back to us in a very reasonable time. It was very straight forward on implementation. Review collected by and hosted on G2.com.

The downside is the actual audit function. I wish that the auditors worked out of SecureFrame and the tests there instead of an outside tool. The outside tool should either integrate with SecureFrame or the audit be housed in SecureFrame. They know this and are working towards this I believe. Review collected by and hosted on G2.com.

Secureframe takes something that on the outside seems extremely complex, like obtaining a SOC 2 compliance, and makes it extremely easy to understand and tackle with their easy implementation, their fantastic customer support, and how easy it is to integrate all of our tools within their platform. This is something that our team is now using daily to ensure that our compliance is maintained! Review collected by and hosted on G2.com.

Sometimes the integrations have hiccups, which aren't necessarily Secureframe's fault, but cascade into displayed compliance failures when they are often false positives. This, however, is easy to fix manually, but an updated interface there would be beneficial. Review collected by and hosted on G2.com.