Supporting Enterprises through Customization: Secureframe Custom Controls and Frameworks

  • August 15, 2023

Donna Lee

Senior Product Marketing Manager at Secureframe

As companies scale, their operations become more intricate – involving diverse environments, larger teams, and an increased need for robust security measures. While Secureframe provides several standard frameworks by which our customers can achieve compliance, these frameworks may only address some of the security concerns your organization faces. 

To meet the evolving security requirements of growing companies, we’ve introduced several updates to our platform, providing organizations of all sizes the ability to create a compliance program tailored to their business needs. These updates empower companies to scale – to customize their compliance programs and align their security controls, processes, and policies with their individual requirements, industry standards, and regulatory obligations. 

How Secureframe approaches compliance

Every framework includes requirements mandated by a governing body that organizations must meet to achieve compliance. Controls serve as the means by which organizations meet those requirements, and they must provide evidence of adherence to these requirements. By integrating with our customers’ tech stack, we automatically collect audit evidence and continuously monitor security hygiene to help customers pass their tests, monitor their security posture, and satisfy framework requirements. 

We’ve taken several steps to build customizability into the platform at each level of compliance, so growing organizations can adapt their security programs to their unique business needs.

What we’re announcing

Today we’re excited to announce custom frameworks, custom controls, and Test Library, along with several other changes to the platform to increase customizability for you to grow your business. 

Custom Frameworks

Recognizing the need to cater to organizations with unique framework requirements, Secureframe now supports custom frameworks. Customers can create their own custom frameworks and map their tests and controls to those frameworks. 

This enhancement ensures that Secureframe remains the source of truth for all compliance-related activities, even for organizations with unique or industry-specific framework requirements.

Custom frameworks allow for a more comprehensive and tailored compliance management solution, accommodating a broader range of use cases.

User creating custom framework in Secureframe platform

Custom Controls 

The Secureframe Controls page provides a business-first view of an organization’s compliance program across all frameworks. Here, organizations can gain insights into which framework requirements and tests are mapped to each control, irrespective of the frameworks in which they reside. 

With the ability to create common controls, admins can map controls to multiple framework requirements to reduce duplicate work. This control-centric perspective allows for better distinction between framework requirements and business requirements

Secureframe also now offers the flexibility to add custom controls individually or in bulk. Admins can bring in a full custom control set and take advantage of our automated testing, or use the Secureframe-provided controls. By incorporating their own defined controls, organizations can ensure that the compliance program reflects their unique business requirements accurately. 

Users can edit controls and test mappings for further customization options and fine-tune the platform to meet their evolving compliance requirements effectively.

Test Library

The way Secureframe gathers evidence of adherence to controls is through tests. With this launch, we’re excited to introduce Test Library – a repository of all Secureframe and user-created custom tests. Users can access this inventory of tests that may not be directly mapped to specific frameworks, allowing them to incorporate additional tests and take advantage of the hundreds of automated tests that Secureframe has already built.

With both custom frameworks and custom controls, users can tap into the Test Library to take advantage of Secureframe’s automated tests.

Secureframe provides pre-built tests, mapped to applicable controls, but if existing Secureframe-authored tests do not meet your company’s criteria, you can create custom tests that accept file uploads as evidence. 

How to take advantage of these latest updates

Secureframe's latest updates empower organizations to customize their compliance programs, ensuring seamless alignment with their unique requirements. The introduction of custom frameworks, custom controls, and the test library increase adaptability in the Secureframe platform, so organizations with more sophisticated needs can integrate their specific requirements to maintain a source of truth around compliance.

Learn more about Secureframe frameworks, controls, and tests on our website or reach out to schedule a demo with one of our compliance experts. Customers can also find more information in the custom frameworks and test library documentation.