What do you like best about the product?

The online management tools helped us keep track of literally thousands of items we needed to address for our certification. It was great for our team to be able to log in, assign items to individuals, and keep track of our progress as we worked through those.

What do you dislike about the product?

Some of the technical "connectors" didn't work properly with our system, meaning we weren't certain if implementation was done properly or not.

What problems is the product solving and how is that benefiting you?

Secureframe helped us with our certification and that was super important. It helped us position ourseves better in the Enterprise software space, which opened up new doors for us in terms of customers and how deeply engaged we are with our offering.

What do you like best about the product?

Easy to use, great guidance and in some situations even AI to help you pass the controls. Integrations with existing tools that automatically gather evidence for SOC2 and ISO27001 certifications

What do you dislike about the product?

Some tests and AI suggestions are still fuzzy.

What problems is the product solving and how is that benefiting you?

Secureframe helps in closing the gap and get us SOC2 and ISO27001 certified.

What do you like best about the product?

Secureframe's structured and collaborative approach has been super helpful for our company, which doesn't have any one person sitting in an operations or compliance role. By inviting the people who oversee tech, finance, HR, legal, etc. to use the system directly, we can get all the policies we need in place without needing extra overhead.

The integrations with our existing systems, eg Microsoft 365 and Github, have also been a major efficiency gain. One of the things we've found most arduous about audit prep has been bringing all of the information and evidence into one repository review. Secureframe makes that easy by checking systems configs itself, and telling you what checks have passed or failed.

Secureframe has also helped us overcome a frustrating little challenge we faced as a small business: recording that policies had been read/accepted, and that training had been attended. Now we can manage this training for all employees on an annual basis.

What do you dislike about the product?

There is a section that allows you to add key information that comes up in vendor due dilligence questionnaires, and Secureframe will help try to answer these questionnaires for you using machine learning. The UX here is a little confusing, and we haven't been able to get it to work correctly. A colleague of mine spent a whole day manually entering questions and answers into the Knowledge Base section, because he didn't see that it was possible to upload previously completed questionnaires (in CSV or Excel format). Now we're afraid to upload the questionnaires, because we aren't sure what's going to happen to his manually entered work.

What problems is the product solving and how is that benefiting you?

As a B2B SaaS company that sells to banks and other financial institutions, being able to demonstrate ISO27k/SOC2 compliance would simplify our sales process. However, getting prepared for the audit and certification is arduous, and we are a small company. Secureframe does all the heavy lifting around getting organised, putting key policies in place, and helping us live them – which will make it easier to eventually get certified.

What do you like best about the product?

Secureframe is one stop when it comes to PCI , SOC2, ISO 27001 2013, GDPR and all other certifications. In one platform you have all the tests which are needed for your company yo be certified.

What do you dislike about the product?

There is nothing so far that I dislike about Secureframe.

What problems is the product solving and how is that benefiting you?

Speeding up the proces of getting Compliant for 6 frameworks at the same time. It saves us a lot of time and effort needed if we were doing it without Secureframe platform.

What do you like best about the product?

SecureFrame allows for assignments to each team member to segment the work and allow for ease of accountability. The document templates and examples provided were a huge efficiency and help to the team. I really enjoyed that it showed progress as things got checked off. That feature provided for added momentum. Lastly, their support was WAY BETTER than other tech companies. Brandon met with us whenever we asked and would help us navigate the platform or better understand expectations of SOC2.

What do you dislike about the product?

It take a while for integrations to update, especially larger ones like AWS.

What problems is the product solving and how is that benefiting you?

We needed SOC2 compliance quickly and their platform allowed us to organize the data, create documents, and see deficiencies at lightning speed.

What do you like best about the product?

The support from the Secureframe team is beyond amazing. Everyone is knowledgeable professional and patient. The system is easy to use and connect to other systems. MY CSM Coletta has done a fantastic job and has been an absolute pleasure to work with.

What do you dislike about the product?

The ability to edit and undo some of the changes I make in the system is missing. Although the team is quick to respond and make any adjustments. I wish I could just undo some of the changes myself such as editing an employee's email address.

What problems is the product solving and how is that benefiting you?

Secureframe has provided a simple centralized solution for meeting security standards and has outlined all the required materials needed to achieve security certifications.

What do you like best about the product?

As a Security & Compliance Officer who has been using Secureframe for several years, I can confidently say it has been one of the most impactful investments we’ve made in our security program. What started as a tool to help us prepare for SOC 2 quickly became the central hub for managing our entire compliance lifecycle.

Key Features and Why They Stand Out:

Automated Evidence Collection:
This feature alone has saved us countless hours each audit cycle. Secureframe seamlessly integrates with our cloud infrastructure, HR systems, and ticketing tools, pulling in the required evidence automatically. What used to be a frantic manual process is now something we monitor in the background.

Continuous Monitoring:
I’ve been consistently impressed with how thorough the continuous monitoring is. We get real-time alerts for configuration drifts, vulnerabilities, and policy deviations—allowing us to address issues before they ever become audit findings.

Policy Library & Customization:
The pre-built policy templates are excellent, but what I value most is the flexibility to tailor them to our organization’s specific needs. Secureframe has made maintaining an up-to-date policy set painless, and version control is built right in.

Vendor Risk Management:
The vendor management module has become a critical part of our third-party risk program. Secureframe gives us the tools to assess vendors quickly, track their compliance status, and centralize due diligence documentation.

Audit-Ready Reporting:
When auditors come knocking, Secureframe makes it simple to export everything they need in an organized, clear, and complete package. Our audit prep time has been reduced by well over 50%, and our auditors regularly comment on how streamlined our process is.

Overall Experience:
Over the years, Secureframe has evolved alongside industry best practices and regulatory changes, and they’ve continuously added value through new features and integrations. Their customer support team has been proactive, knowledgeable, and genuinely invested in our success.

If you’re serious about building and maintaining a mature security and compliance program—whether it’s SOC 2, ISO 27001, HIPAA, or beyond—Secureframe is the platform I would recommend without hesitation. It has fundamentally changed how we manage compliance and given us the confidence that we are always audit-ready.

What do you dislike about the product?

On the whole not much, as mentioned earlier the in app policy editor is very basic, it would be nicer to have some more formatting options. This could also help when adding in Descriptions or comments on items.

There can sometimes be false positives for some of the evidence testing in particular the SecureFrame Agent can report erroneous results sometimes for thinks like BitLocker being turned off, when in fact it hasn't been turned off.

What problems is the product solving and how is that benefiting you?

SOC 2 Compliance is our current focus, although we may elect to add in additional frameworks down the road. Having one singular interface to manage all the controls, tests, policies, vendors and evidence is critical to successful audits.

What do you like best about the product?

My backgound with compliance and auditing led me to believe that acquiring SOC2 Type II reporting was labor intensive and very expensive. Using traditional accounting firms was extremely time consuming for everyone, the staff, management and auditors. I was very pleased to discover SecureFrame which has proven to me that this next generation of compliance tools leverages automation and standard templates to drastically reduce the effort and cost to reach a final report.

What do you dislike about the product?

SecureFrame really shines with cloud based IT systems where their automation simplifies the onboarding of evidence, running on premise bare metal systems is less efficient from an audit automation perspective.

What problems is the product solving and how is that benefiting you?

SOC2 Type II reports offer strategic business value both to our investors and our clients, proving our security maturity and helping us grow our business while effectively managing risk. SecureFrame keeps the costs far more afforable than traditional means. We spend less staff time collecting evidence, we spend less money on the actual audits and less cost of achieving readiness.

What do you like best about the product?

Secureframe's customer service is exceptional. They are proactive, professional and part of your team.

What do you dislike about the product?

The platform is still evolving. There are occasionally still issues.

What problems is the product solving and how is that benefiting you?

Getting Spear AI organized to work towards CMMC certification. Tracking Spear AI's progress and helping us acclerate progress.

What do you like best about the product?

Secureframe has allowed us to streamline our ISO processes and ensure that our policies and proceedures are kept up to date.

What do you dislike about the product?

I cant really fault Secureframe for anything.

What problems is the product solving and how is that benefiting you?

Compliance efficiencies and client risk and security assessments.