SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Screenshot 2026 04 09 at 15.53.22
#
Data Protection
#
PAM
#
Cloud Security

Secureframe launches access review tool for compliance teams

Thu, 9th Apr 2026
Author image
By Kaleah Salmon, News Editor

Secureframe has launched User Access Reviews within its Secureframe Comply platform, giving organisations a single workflow for managing access reviews.

The addition is intended to replace manual review processes that often rely on spreadsheets, email chains and follow-up across separate systems. Teams can assign reviewers, assess permissions, record decisions and track remediation steps, all with an audit trail.

Organisations conduct access reviews to verify that staff have the appropriate level of access to systems and data. In many businesses, that process still sits outside central compliance tools, making it harder to show auditors who reviewed access, what decisions were made and whether changes were completed.

The new tool can pull user data from integrated systems or CSV uploads, with reviews scoped by application. Reviewers can decide whether to maintain, modify, revoke or mark access as out of scope, while follow-up tasks can be sent to connected ticketing tools.

It also includes recurring review schedules, automated reminders and status indicators to reduce manual chasing. Exportable summaries capture reviewer identity, decisions and remediation actions for audit use.

"Access reviews are one of the most important security controls organisations have, but they're still often managed through spreadsheets and email threads," said Shrav Mehta, founder and CEO of Secureframe.

"User Access Reviews gives teams a simple way to evaluate access, document decisions, and ensure follow-through without turning the process into a coordination headache."

Audit Pressure

The launch comes as companies face heavier compliance and evidence-gathering workloads. Secureframe cited findings from its 2026 Cybersecurity & Compliance Benchmark Report, which showed that nearly one-quarter of security and compliance leaders named audit preparation as their biggest challenge, while teams spend about 8 hours a week on manual compliance work such as evidence collection and documentation.

That pressure has made access governance more visible for security and compliance teams. Compromised credentials and excessive permissions remain common factors in security incidents, while over-privileged accounts are also a recurring audit concern.

Secureframe said its new dashboard is designed to support three parts of an access programme: setting governance rules around who should have access, identifying outdated or misplaced permissions, and producing audit evidence when needed. It positions the feature as part of its broader governance, risk and compliance offering rather than a separate point product.

Broader Platform

Alongside User Access Reviews, Secureframe Comply supports work across security and privacy frameworks, including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST and custom frameworks, according to Secureframe. The platform also includes monitoring for failing controls and misconfigurations, as well as tools for vendor risk management, employee training and evidence collection.

These functions are aimed at organisations trying to manage tighter oversight of data access while coping with stretched security resources. Secureframe also pointed to broader industry figures showing stronger spending on privacy programmes and rising concern about data leaks linked to generative AI.

According to the company, 99% of organisations report tangible benefits from their privacy programmes, while 38% spent USD $5 million or more in the past year. It added that 80% of AI leaders cite cybersecurity as the biggest barrier to their AI strategy. It described data leaks tied to generative AI as the top security concern heading into 2026.

Secureframe argues that bringing access reviews into the same system as controls, policies and evidence could reduce the need to gather audit records from separate tools and email threads. That reflects a broader trend in the compliance software market, where vendors are trying to consolidate fragmented governance tasks into fewer systems.

A customer example in the announcement focused on evidence gathering across multiple third-party systems.

"I saw how easy it was to use and how easy it would be to have a central location where we would keep all policies and documents. Secureframe would take care of pulling evidence from our cloud environment, authentication, and HR systems. Before Secureframe, our compliance team had to obtain evidence manually from each third party system," said Jair Basso, VP of Security at Wealth.com.

Related stories
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Cyber insurance now common among North American SMBs
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
Autonomize launches healthcare AI platform version 3
CERN joins OpenSearch foundation as associate member