Secureframe Raises $4.5M to Simplify Compliance Audits

The demand for security management certifications, such as SOC 2 and ISO 27001, is steadily growing, with an increasing number of businesses now requiring their software providers to demonstrate compliance through successful audits. This can be a challenging undertaking for many organizations, which explains the recent emergence of startups focused on simplifying this process. Following Strike Graph’s $3.9 million funding round earlier this month, Secureframe, a company dedicated to helping businesses achieve and maintain SOC 2 and ISO 27001 certifications, has announced a $4.5 million round of funding.

This funding round was jointly led by Base10 Partners and Gradient Ventures, Google’s fund specializing in artificial intelligence. Additional investors included BoxGroup, Village Global, Soma Capital, Liquid2, Chapter One, Worklife Ventures, and Backend Capital. Stream, Hasura, and Benepass are among Secureframe’s current clientele.

Image Credits: Secureframe

Shrav Mehta, co-founder and CEO of Secureframe, attributes the inspiration for the company to his experiences at several organizations, particularly his time with direct-mail service Lob.

“During my time at Lob, we frequently encountered security and compliance challenges due to the sensitive nature of the data we handled. We regularly engaged with customers, completed extensive security questionnaires—often exceeding a thousand lines—and underwent thorough security reviews. This was a significant undertaking for a startup of our size, but it was a necessary requirement for our customers. This experience highlighted a clear pain point,” Mehta stated.

Secureframe co-founder and CEO Shrav Mehta

Following roles at Pilot and Scale AI after leaving Lob in 2017, and after providing informal assistance to other companies navigating the certification process, he co-founded Secureframe alongside the company’s CTO, Natasja Nielsen.

“By incorporating substantial automation into our software and simplifying the overall process, Secureframe significantly reduces the cost of compliance, making it accessible to a wider range of companies,” Mehta elaborated. “Our goal is to enable all organizations to establish a strong security foundation from the outset, without the concerns of excessive time commitment, lengthy timelines, or prohibitive expenses. We are dedicated to resolving these issues and ensuring security is easily attainable for every organization.”

The core objective is to demystify the certification process and streamline preparations for audits by automating many of the most time-consuming tasks. Secureframe achieves this by integrating with commonly used cloud and SaaS applications—currently supporting approximately 25 services—and collecting data to assess security status.

“The experience is designed to be similar to using accounting software like QuickBooks or TurboTax, where we guide users through providing essential business details. We aim to pre-populate as much information as possible from external sources and then facilitate connections to the various integrations the business utilizes,” Mehta explained.

The company intends to allocate the majority of the new funding towards expanding its team and developing further integrations. Future plans also include adding support for additional certifications, such as PCI, HITRUST, and HIPAA.