Becoming and staying compliant with one or more compliance frameworks is critical for the growth of any organization. Getting up-to-speed on compliance requirements and defining (let alone understanding) controls is incredibly time-consuming. This results in a high opportunity cost for DIY-ing your audit prep.
Working with a compliance platform will save you valuable time and allow you to stay focused on the pieces of your business that you do best.
Today we’re excited to share our workflows for three of the leading compliance platforms: Secureframe, Vanta, and Drata.
By using a compliance platform + Indent together you can have:
A friction-free approvals workflow allows approvers to grant and set access duration via Slack. This means requesters get access in seconds, not days. By granting time-bound access, fewer users retain access that needs to be reviewed. This simplifies quarterly access reviews, which can also be completed in Indent.
Start by setting up your policies: Indent’s policy engine is just one more tool that helps teams stay compliant with whatever framework you’re pursuing. For instance, setting access requests to notify the requester’s manager for approval is as easy as checking a box. Once you have your policies in place, your team can start requesting and approving access.
Complete periodic access reviews: Everytime someone requests access, Indent automatically documents it.
To perform an access review, you can use filters to review access on a per-system or per-user basis. You can filter and select personnel, view the access they have, and perform any necessary revocations. On a per-user basis, you can offboard them and revoke all their access in just two clicks.
Audit evidence ready to export from Indent into your compliance platform
Export your evidence: Your access review data and your aggregated access logs get compiled into the Access Control Report page in the Indent dashboard. There you can easily configure the date ranges for the audit and download your evidence. All that’s left to do then is to upload it into your compliance platform. Some auditors will ask for screenshots of the export parameters or follow-up with requests for sample selection, all of which you can do easily in the Indent dashboard.
Secureframe helps you automate and streamline security, privacy and compliance. They provide automated guardrails and give you greater visibility of compliance across your stack. Get detailed risk reports and real-time alerts on non-conformities in your tech stack as they appear—so you have the information you need to achieve and maintain continuous compliance.
You can also design and bootstrap security policies from their library to satisfy compliance requirements like SOC 2, HIPAA, ISO 27001, PCI DSS, GPDR, CCPA, and regional privacy laws.
Soon, Secureframe will release their Trust API, allowing us to build an integration that will remove all of the manual steps described above. We’re excited that our customers will be able to automatically sync audit evidence into Secureframe without any extra work.
Get started: Secureframe + Indent docs →
With Vanta teams can become compliant in weeks not months, and get the certifications they need to build trust and close deals. It integrates with the tools you already love so you have total visibility into what is going on across your organization. Vanta runs hourly checks and flags gaps as they arise, making them easier to squash. It even simplifies the development, implementation, and mapping of your security policies with policy templates.
Recently Vanta announced their Connectors API. We’re stoked that we’ll soon be able to automate the above steps by integrating directly with Vanta. Stay tuned for that announcement!
Get started: Vanta + Indent docs →
Drata continuously monitors and collects evidence of a company’s security controls, while streamlining compliance workflows end-to-end to ensure audit readiness. It integrates with many popular tools, so you have total visibility into what is going on across your organization.
Get started: Drata + Indent docs →