Secureframe raises $18M Series A to simplify cybersecurity compliance

Zack Whittaker
·2-min read

Security compliance may not be the hottest conversation starter, but it's a critical and often grueling process that companies have to endure every year to show that their security practices are up to par. It's a burden that bogs down startups more than others, and so it's fitting that startups are trying to find a better way.

Enter security compliance startup Secureframe, founded by Shrav Mehta and Natasja Nielsen, which thinks it has.

The company is announcing it has raised $18 million at Series A, led by Kleiner Perkins and with participation from Gradient Ventures and Base10 Partners, which led its $4.5 million seed round, less than a year after it was founded in January 2020.

Secureframe helps businesses maintain two key cybersecurity certifications, SOC 2 and ISO 27001, which many companies require before they will do business. Secureframe's compliance platform integrates with dozens of the most used cloud providers and apps to understand its customers' security posture. The benefit, the company says, is that it can help companies get their certifications and become compliant in weeks, rather than months.

Shrav Mehta, the company's co-founder and chief executive, told TechCrunch that it's paying off, with a tenfold increase in revenue growth over the six months alone, and with more than 100 new customers, like software house Hasura and Omni, a Y Combinator graduate from the summer 2020 batch.

Mehta said the fresh funding round will help the company grow beyond the two certifications into an enterprise-grade risk and compliance management platform, such as the U.S. health privacy rules like HIPAA, and PCI compliance for secure card processing.

In the long term, Mehta said, he wants the company to design and offer its own compliance certifications.

In remarks, Kleiner Perkins's Josh Coyne said Secureframe is leading the effort to modernize security compliance. "Secureframe is turning the industry on its head by automating compliance certifications end-to-end, serving as the single source of truth for commercial compliance," he said.