Secureframe Finds More than 90% Overlap Between SOC 2 and ISO 27001 Controls
Secureframe introduces key capabilities to enable enterprises to scale and customize compliance programs
June 15, 2023—San Francisco—Secureframe, the leading provider of compliance automation software, has found significant overlap among the compliance controls shared by various regulatory frameworks in its latest research, experience, and diligence work.
These new findings were released in conjunction with the announcement of several key functionalities allowing customers to introduce flexibility into their security compliance program: the ability to create custom frameworks and custom controls, and a Test Library for users to further automate evidence collection.
Some key findings from an analysis of Secureframe-authored common controls are as follows:
- Organizations compliant with SOC 2 are 90%+ compliant with ISO 27001.
- Organizations compliant with PCI DSS are 80%+ compliant with SOC 2.
- Organizations compliant with ISO 27001 are 65%+ compliant with PCI DSS.
- Organizations compliant with HIPAA are 80%+ compliant with SOC 2.
These findings are significant for organizations that have already invested time and resources in achieving compliance for one regulatory framework. By bridging the gap between frameworks, businesses can effectively extend their compliance efforts to meet other framework standards with minimal additional work.
Secureframe's research not only provides an understanding of the interconnectedness of these compliance frameworks, but also underscores the importance of a comprehensive and flexible GRC (Governance, Risk, and Compliance) program so businesses can reduce the complexity and costs associated with compliance.
Customizing Enterprise Compliance Programs
Today, Secureframe announced the launch of its latest platform updates, designed to meet the evolving security requirements of growing companies.
While standard frameworks can be a great starting point for strengthening security, growing organizations may need flexible frameworks better suited to their evolving needs. Secureframe now supports custom frameworks, so customers can create personalized frameworks and map tests and controls accordingly. With custom frameworks, businesses can build a more tailored security compliance program that caters to a broader range of industries and use cases.
Secureframe provides a control-centric view into an organization’s security program to distinguish framework requirements from business needs, allowing for a more streamlined and efficient compliance approach. With common controls, administrators can map controls to multiple framework requirements, reducing duplicate work.
Additionally, Secureframe recently introduced the flexibility to add custom controls individually or in bulk, enabling organizations to fine-tune their compliance program, so administrators can incorporate specific security controls, processes, and policies that align with their requirements.
Tests provide evidence of adherence to controls and framework requirements. To ensure that customers who create custom frameworks and controls still have access to Secureframe automation, Secureframe has recently introduced a Test Library. The Test Library houses all Secureframe tests and custom uploaded tests, so users can draw on this inventory beyond specific framework mappings and access hundreds of automated tests that have already been built.
"Secureframe's Custom Frameworks have enabled us to implement a compliance program that is specifically tailored to our organization. It ensures that we stay compliant while adhering to our own internal standards and procedures." - Jay Deuskar, CTO, PrizePicks
Custom frameworks, controls, and tests ensure maximum flexibility so organizations can customize their compliance programs to align to their business needs. These changes, along with Secureframe’s intuitive compliance architecture, reduce the amount of manual work required for organizations to achieve compliance across one or multiple frameworks with ease, so they can focus on growing the business.
To learn more about Secureframe Test Library, or custom frameworks and controls, please visit the website or schedule a demo here.
Secureframe empowers businesses to build trust with customers by automating information security and compliance. Thousands of fast-growing businesses such as AngelList, Ramp, Remote, and Coda trust Secureframe to simplify and expedite their compliance journey for global security and privacy standards such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Backed by top-tier investors and corporations such as Google, Kleiner Perkins, and Accomplice Ventures, the company is on the Forbes list of Top 100 Startup Employers for 2023.