Secureframe Launches Automated User Access Review Feature to Streamline Governance
What Happened — Secureframe announced the addition of User Access Reviews to its Secureframe Comply platform. The new module replaces manual spreadsheet‑based access reviews with an automated, auditable workflow that pulls user data from integrated systems, assigns reviewers, tracks decisions, and generates audit‑ready evidence.
Why It Matters for TPRM —
- Reduces reliance on error‑prone manual processes that can hide excessive or stale permissions.
- Provides a single source of truth and immutable audit trail, simplifying third‑party audit preparation.
- Enables continuous governance across SaaS applications, lowering the risk of privilege abuse in the supply chain.
Who Is Affected — SaaS vendors, cloud‑hosted service providers, financial services firms, and any organization that outsources critical applications to third parties.
Recommended Actions — Review your current access‑review procedures against Secureframe’s automated workflow, validate that the tool integrates with your existing identity and ticketing systems, and update your vendor risk assessment templates to capture the new control evidence.
Technical Notes — The feature leverages API connectors to pull user and permission data from popular SaaS apps (e.g., Azure AD, G Suite, Salesforce). It schedules recurring review cycles, sends automated reminders, and exports decisions in PDF/CSV formats for audit consumption. No new CVEs or vulnerabilities are introduced. Source: Help Net Security