# How do you use Secureframe? How do you use Secureframe? ##### Post Metadata - Net upvotes: 1

# What is soc2? What is soc2? ##### Post Metadata - Net upvotes: 1

# How are you getting value from the AI features when first-pass answers and automation feel hit-or-miss? Part of why I committed to Secureframe was the promise that AI and automation would take some of the grind out of security reviews and task management. In practice, I see a big gap between that promise and what I can rely on day to day. First-pass AI answers on questionnaires and reviews are often incomplete or just wrong, so I still have to comb through and correct them before anything goes to a customer. Many questionnaire fields stay blank or are filled with guesses, and there is still a lot of manual work around task frequencies and explaining tasks clearly to my team. I find myself double-checking the tool instead of trusting it, which eats into the time I hoped to save. For those of you actively using the AI and automation features, how are you working around these accuracy gaps so they actually reduce your workload instead of adding another review step? ##### Post Metadata

# Is anyone else struggling with limited reporting and document/search friction during executive reviews? When I sit down with leadership or auditors, I need to pull clear views and specific documents quickly. Right now I find myself fighting the tool more than I expected. Some reports are hard to customize unless you are an admin, and exports do not always reflect the view I want for that meeting. Categorizing uploads can be awkward when the dropdown choices do not match what I am actually storing, and on top of that, locating documents or searching policies across the board is harder than it should be. I end up wasting meeting time clicking around or following up later with extra screenshots and files. Are others running into these same reporting and document search hurdles, and how do you prepare so you do not get stuck in front of your execs or auditors? ##### Post Metadata

# What do you do to make the first-year setup and control mapping less overwhelming? Each time I help a new business unit or a new company stand up Secureframe, the first-year lift feels huge. Mapping our internal processes to the standard controls, pulling in vendors after a migration, and aligning several frameworks at once all stack up to weeks of focused effort. I often find myself juggling calls with our CSM, manual spreadsheets, and trial-and-error configuration just to get a baseline that makes sense for how we actually work. Once things are in place, it is usually fine, but that initial ramp can pull me away from other priorities and is hard to explain to stakeholders who thought this would be “quick.” For those who have gone through this a few times, how have you made the first-year setup and mapping less of a drag on day-to-day work? ##### Post Metadata

# How are other teams handling integrations that are partially supported or keep needing manual work? My team leans heavily on integrations to cut down manual evidence collection, but I keep running into edge cases that add surprise work. Some tools we use are not integrated at all, so we end up tracking things in spreadsheets on the side. In other cases the integration exists, yet evidence does not map cleanly and we have to recreate or re-upload items during setup, or re-sync things after updates. Even where it is “working,” I have seen AWS and other services sync slowly or freeze, which makes it hard to know if I can trust what I am seeing before I talk to an auditor. For those of you with a mixed stack of cloud and work tools, how are you coping with missing or brittle integrations so they do not derail your audit prep? ##### Post Metadata

# Unreliable training and login flows slow down my audits and force awkward deadline conversations I rely on Secureframe to keep our audit work moving, so it becomes a real hurdle when basic access and training flows do not behave predictably. I have had security training fail to save progress, which meant repeating modules when I was already up against an internal deadline and had to explain to my manager why something that “should have been done” was still in progress. On top of that, sporadic 2FA and login issues add more time just to get into the tool and keep our team moving. These are small friction points individually, but when they happen close to audit milestones they undercut the trust I am trying to build in our compliance schedule. Has anyone else had training completion or login issues affect their ability to meet internal or external audit timelines, and how do you plan around that risk? ##### Post Metadata

# What is the difference between ISO and soc2? What is the difference between ISO and soc2? ##### Post Metadata

# What does Secureframe do? What does Secureframe do? ##### Post Metadata