secureframe

JSON twin: https://www.healthaidb.com/software/secureframe.json

Company Name

Secureframe

Product URL

https://secureframe.com/comply

Company URL

https://secureframe.com/

Categories

• administrative
• security and compliance
• risk management
• third-party risk management
• GRC

Summary

Secureframe is a cloud-based security, privacy, and compliance automation platform that helps organizations achieve and maintain frameworks like SOC 2, HIPAA, ISO 27001, PCI DSS and GDPR faster.

Description

Secureframe automates evidence collection, continuous monitoring, policy generation, vendor risk management, and audit workflows to accelerate audits and ongoing compliance. It offers pre-built mappings for multiple frameworks, integrations with cloud, identity, and security tooling, and a healthcare industry page highlighting support for health plans, providers, insurers, and clearinghouses seeking HIPAA and SOC 2 compliance.

Api Available

yes

Certifications

• FedRAMP 20x Low (authorized)
• SOC 2 (facility to generate SOC 2 reports / audit support)
• ISO 27001 (supported / managed in product)

Company Founding

2020

Company Offices

• United States
• Canada
• United Kingdom

Compliance

• SOC 2
• HIPAA
• ISO 27001
• PCI DSS
• GDPR
• NIST CSF
• NIST SP 800-171
• NIST SP 800-53
• CMMC 2.0
• FedRAMP 20x

Customers

• AngelList
• NASDAQ
• Smartcar
• Lyra
• Ramp
• Remote
• Coda
• Indent
• NASD A Q
• Smartcar

Data Residency

US hosting options (includes AWS GovCloud for US Gov), leverages major cloud providers for region choices

Data Standards

Deployment Model

• SaaS

Features

• Automated evidence collection
• Continuous monitoring
• Controls management
• Policy management
• Risk management (linking controls to risks)
• Vendor / third-party risk management
• Security awareness / training management
• Automated tests and monitoring
• Audit support and readiness workflows
• Framework mapping and progress tracking (SOC 2, ISO, HIPAA, etc.)
• Integrations catalog and connector management
• Compliance reporting and evidence export
• Personnel management (HR/onboarding controls)
• Access management and vendor access controls
• Questionnaire automation

Id

P1477

Integration Partners

• Zapier
• Rootly
• SecurityScorecard
• Adversis
• Conformly AS
• Entara
• Sprocket Security
• Trava Security
• UMIT Technologies
• Varyence
• Vinebrook Technology
• PointSolve Technology
• Securis360
• STAND 8 Technology Services
• IT Goat
• Usherwood Office Technology
• Securis360
• Entara

Integrations

• Google Workspace
• Microsoft Office 365
• Amazon Web Services (AWS)
• AWS GovCloud (US)
• Microsoft Azure
• MongoDB Atlas
• Slack
• Zoom
• Microsoft Teams
• GitHub
• Datadog
• Azure DevOps
• HubSpot
• Salesforce
• CrowdStrike
• 1Password
• Bitwarden
• Duo
• Microsoft Sentinel
• Checkr

Languages Supported

• English

Last Updated

2025-09-07

License

commercial/proprietary

Links

• https://secureframe.com/
• https://secureframe.com/comply
• https://secureframe.com/pricing
• https://secureframe.com/about
• https://trust.secureframe.com/
• https://secureframe.com/integrations
• https://developer.secureframe.com/
• https://support.secureframe.com/hc/en-us
• https://www.gartner.com/reviews/market/it-risk-management-solutions/vendor/secureframe/product/secureframe
• https://secureframe.com/blog/fedramp-20x-authorization

Market Segment

• enterprise
• smb

Optional Modules

• Secureframe AI (Comply AI)
• Custom Integrations / Secureframe API
• Secureframe Federal (FedRAMP/CMMC-focused capabilities)
• Continuous monitoring add-ons
• Security training (advanced packages)

Os Platforms

• Web

Pricing Details

Contact vendor for pricing; offers demo and sales conversations (no public list prices).

Pricing Model

enterprise_quote

Privacy Features

• Business Associate Agreement (BAA) available for HIPAA
• Privacy framework support (GDPR/CCPA guidance)
• Data minimization and policy templates

Ratings

• G2: 4.7/5 (450+ reviews) — Secureframe product page (G2)
• Capterra: 4.8/5 (30+ reviews) — Capterra listings referenced in partner comparisons
• AWS Marketplace: positive customer reviews (marketplace listing)

Regions Available

• United States
• Canada
• United Kingdom
• European Union
• Australia
• Global

Release Year

2020

Security Features

• Encryption at rest and in transit
• Role-based access control (RBAC)
• SSO / SAML
• Audit logs / activity logging
• Multi-factor authentication (2FA)
• Continuous monitoring
• Vulnerability monitoring / scanning integrations

Specialties

—

Support Channels

• help_center / knowledge base (ticketing)
• email / contact form
• request-demo / sales chat
• status page (system status)
• support portal (ticketing)

System Requirements

Target Users

• security teams
• compliance teams
• IT/DevOps
• CISO/security leadership
• legal/privacy officers
• IT admins
• risk managers
• healthcare compliance officers

Training Options

• documentation
• help_center articles
• webinars
• live_online demos
• product updates / release notes

Type

product

User Reviews

• UX and customer support are both really good for the space.
• We're at a pretty happy 'set it and forget it' phase with Secureframe.
• We demoed Drata, Vanta, Secureframe — Secureframe's sales calls were meh but the product worked well.
• Tremendous value compared to Vanta and Drata. Great onboarding experience and dedicated account manager.
• We ended up going with Secureframe because it's cheaper and they actually offer some compliance that others don't.

Version

1.0

Canonical JSON

{
  "company_name": "Secureframe",
  "company_url": "https://secureframe.com/",
  "company_offices": [
    "United States",
    "Canada",
    "United Kingdom"
  ],
  "company_founding": "2020",
  "product_url": "https://secureframe.com/comply",
  "categories": [
    "administrative",
    "security and compliance",
    "risk management",
    "third-party risk management",
    "GRC"
  ],
  "market_segment": [
    "enterprise",
    "smb"
  ],
  "links": [
    "https://secureframe.com/",
    "https://secureframe.com/comply",
    "https://secureframe.com/pricing",
    "https://secureframe.com/about",
    "https://trust.secureframe.com/",
    "https://secureframe.com/integrations",
    "https://developer.secureframe.com/",
    "https://support.secureframe.com/hc/en-us",
    "https://www.gartner.com/reviews/market/it-risk-management-solutions/vendor/secureframe/product/secureframe",
    "https://secureframe.com/blog/fedramp-20x-authorization"
  ],
  "summary": "Secureframe is a cloud-based security, privacy, and compliance automation platform that helps organizations achieve and maintain frameworks like SOC 2, HIPAA, ISO 27001, PCI DSS and GDPR faster.",
  "description": "Secureframe automates evidence collection, continuous monitoring, policy generation, vendor risk management, and audit workflows to accelerate audits and ongoing compliance. It offers pre-built mappings for multiple frameworks, integrations with cloud, identity, and security tooling, and a healthcare industry page highlighting support for health plans, providers, insurers, and clearinghouses seeking HIPAA and SOC 2 compliance.",
  "target_users": [
    "security teams",
    "compliance teams",
    "IT/DevOps",
    "CISO/security leadership",
    "legal/privacy officers",
    "IT admins",
    "risk managers",
    "healthcare compliance officers"
  ],
  "specialties": [],
  "regions_available": [
    "United States",
    "Canada",
    "United Kingdom",
    "European Union",
    "Australia",
    "Global"
  ],
  "languages_supported": [
    "English"
  ],
  "pricing_model": "enterprise_quote",
  "pricing_details": "Contact vendor for pricing; offers demo and sales conversations (no public list prices).",
  "license": "commercial/proprietary",
  "deployment_model": [
    "SaaS"
  ],
  "os_platforms": [
    "Web"
  ],
  "features": [
    "Automated evidence collection",
    "Continuous monitoring",
    "Controls management",
    "Policy management",
    "Risk management (linking controls to risks)",
    "Vendor / third-party risk management",
    "Security awareness / training management",
    "Automated tests and monitoring",
    "Audit support and readiness workflows",
    "Framework mapping and progress tracking (SOC 2, ISO, HIPAA, etc.)",
    "Integrations catalog and connector management",
    "Compliance reporting and evidence export",
    "Personnel management (HR/onboarding controls)",
    "Access management and vendor access controls",
    "Questionnaire automation"
  ],
  "optional_modules": [
    "Secureframe AI (Comply AI)",
    "Custom Integrations / Secureframe API",
    "Secureframe Federal (FedRAMP/CMMC-focused capabilities)",
    "Continuous monitoring add-ons",
    "Security training (advanced packages)"
  ],
  "integrations": [
    "Google Workspace",
    "Microsoft Office 365",
    "Amazon Web Services (AWS)",
    "AWS GovCloud (US)",
    "Microsoft Azure",
    "MongoDB Atlas",
    "Slack",
    "Zoom",
    "Microsoft Teams",
    "GitHub",
    "Datadog",
    "Azure DevOps",
    "HubSpot",
    "Salesforce",
    "CrowdStrike",
    "1Password",
    "Bitwarden",
    "Duo",
    "Microsoft Sentinel",
    "Checkr"
  ],
  "data_standards": [],
  "api_available": "yes",
  "system_requirements": "",
  "compliance": [
    "SOC 2",
    "HIPAA",
    "ISO 27001",
    "PCI DSS",
    "GDPR",
    "NIST CSF",
    "NIST SP 800-171",
    "NIST SP 800-53",
    "CMMC 2.0",
    "FedRAMP 20x"
  ],
  "certifications": [
    "FedRAMP 20x Low (authorized)",
    "SOC 2 (facility to generate SOC 2 reports / audit support)",
    "ISO 27001 (supported / managed in product)"
  ],
  "security_features": [
    "Encryption at rest and in transit",
    "Role-based access control (RBAC)",
    "SSO / SAML",
    "Audit logs / activity logging",
    "Multi-factor authentication (2FA)",
    "Continuous monitoring",
    "Vulnerability monitoring / scanning integrations"
  ],
  "privacy_features": [
    "Business Associate Agreement (BAA) available for HIPAA",
    "Privacy framework support (GDPR/CCPA guidance)",
    "Data minimization and policy templates"
  ],
  "data_residency": "US hosting options (includes AWS GovCloud for US Gov), leverages major cloud providers for region choices",
  "customers": [
    "AngelList",
    "NASDAQ",
    "Smartcar",
    "Lyra",
    "Ramp",
    "Remote",
    "Coda",
    "Indent",
    "NASD A Q",
    "Smartcar"
  ],
  "user_reviews": [
    "UX and customer support are both really good for the space.",
    "We're at a pretty happy 'set it and forget it' phase with Secureframe.",
    "We demoed Drata, Vanta, Secureframe — Secureframe's sales calls were meh but the product worked well.",
    "Tremendous value compared to Vanta and Drata. Great onboarding experience and dedicated account manager.",
    "We ended up going with Secureframe because it's cheaper and they actually offer some compliance that others don't."
  ],
  "ratings": [
    "G2: 4.7/5 (450+ reviews) — Secureframe product page (G2)",
    "Capterra: 4.8/5 (30+ reviews) — Capterra listings referenced in partner comparisons",
    "AWS Marketplace: positive customer reviews (marketplace listing)"
  ],
  "support_channels": [
    "help_center / knowledge base (ticketing)",
    "email / contact form",
    "request-demo / sales chat",
    "status page (system status)",
    "support portal (ticketing)"
  ],
  "training_options": [
    "documentation",
    "help_center articles",
    "webinars",
    "live_online demos",
    "product updates / release notes"
  ],
  "release_year": "2020",
  "integration_partners": [
    "Zapier",
    "Rootly",
    "SecurityScorecard",
    "Adversis",
    "Conformly AS",
    "Entara",
    "Sprocket Security",
    "Trava Security",
    "UMIT Technologies",
    "Varyence",
    "Vinebrook Technology",
    "PointSolve Technology",
    "Securis360",
    "STAND 8 Technology Services",
    "IT Goat",
    "Usherwood Office Technology",
    "Securis360",
    "Entara"
  ],
  "id": "P1477",
  "slug": "secureframe",
  "type": "product",
  "version": "1.0",
  "last_updated": "2025-09-07",
  "links_json": {
    "self": "https://www.healthaidb.com/software/secureframe.json"
  }
}