Skip to main content
SecurAtlas uses the information in your workspace settings to calculate your financial exposure, recommend compliance frameworks, and determine which controls are required. This page explains each section of the Settings page, what the fields mean, and when you need to update them.
Only users with the Owner or Admin role can edit settings. Members and Viewers see the same information but cannot make changes. MSP partner users who manage a client workspace can also edit settings without holding a direct membership role.

Deployment profile

Your deployment profile controls what gets loaded into your control library and which controls are required versus recommended. SecurAtlas ships five profile types:
Profile typePurpose
BaselineSeeds all 64 controls. The default starting point for every workspace.
IndustryAdds industry-specific controls on top of the baseline.
CompliancePrioritizes controls that satisfy specific regulatory requirements.
CloudEmphasizes cloud infrastructure and configuration controls.
CustomA profile tailored by your MSP partner or SecurAtlas team.
The Baseline profile seeds all 64 controls in the library. Any control with a severity rating of 5 is classified as Required. Required controls receive no self-attested credit in the risk model — you must upload validated evidence before they contribute positively to your score. Profiles are assigned during onboarding or by your MSP partner. If you need a different profile applied, contact your partner or the SecurAtlas support team. You can use the Re-run Baseline button on the settings page to re-seed the control library from your current active profile without losing existing implementation data.

Organization profile and financial inputs

Your organization profile stores the descriptive attributes that SecurAtlas uses for framework recommendations and financial modelling context.To update your organization profile:
  1. Go to Settings in the left navigation.
  2. Scroll to Organization Profile.
  3. Edit any of the following fields and click Save.
FieldWhat it controls
NameThe display name for your workspace.
IndustryUsed to select industry-specific risk benchmarks and framework recommendations.
Employee rangeA broad headcount band used in ALE calculations when an exact count is not entered in Financial Inputs.
Annual revenue rangeA broad revenue band used in ALE calculations when an exact figure is not entered in Financial Inputs. Options range from Under 500Kto500K to 50M+.
Cloud providerIdentifies your primary cloud platform. Used to surface relevant cloud controls and integration recommendations.
The revenue range and employee range fields use bands rather than exact figures. If you have entered exact values in the Financial & Risk Inputs section, those override the range values for ALE calculations.

Compliance frameworks

The Compliance Frameworks section lets you select which frameworks apply to your organization. SecurAtlas supports:
  • ISO 27001
  • SOC 2
  • NIST CSF
  • HIPAA
  • PCI DSS
  • CIS Controls
Adding a framework does not create new controls. SecurAtlas maps your existing 64 controls to each framework and calculates a readiness percentage based on your current implementation status. Removing a framework hides the readiness view for that framework but does not affect your controls or evidence. Each framework in the list shows the number of controls that map to it. Toggle frameworks on or off by clicking the switch next to each one.

Risk pipeline

The Risk Pipeline section lets you manually trigger a full recalculation of your risk score and financial exposure. SecurAtlas recalculates your score automatically when you change a control’s status or upload evidence. Use the Recalculate button in this section when:
  • You have made multiple bulk changes and want to force an immediate update.
  • You have updated your financial inputs and want to see the revised ALE immediately.
  • Your score appears stale after a large batch of evidence uploads.
The section also shows a summary of the financial model inputs currently in use — annual revenue, employee count, and the date the inputs were last updated — so you can confirm the correct values are feeding the calculation before you run it.

Evidence expiry

Evidence expiry controls how long a piece of uploaded evidence remains valid before SecurAtlas marks it as expired. The default is 365 days. When evidence expires, it no longer contributes to the confidence score for its control. Controls with expired evidence may see their score contribution reduced until new evidence is uploaded. To change the evidence expiry setting:
  1. Go to Settings in the left navigation.
  2. Scroll to Evidence Expiry.
  3. Enter the number of days you want evidence to remain valid.
  4. Click Save.
Only Owners and Admins can change this setting. Choose a value that reflects your audit cycle — most organizations align this to their annual review cadence (365 days) or a shorter period required by their compliance framework (for example, 90 days for some SOC 2 controls).

Next steps

Manage team members

Invite teammates, assign roles, and manage workspace access.

Grant auditor access

Share read-only workspace access with external auditors.