InsiderShield User Guide

Welcome to InsiderShield! This guide will help you get started with achieving and maintaining compliance for your organization.

Table of Contents

1. Getting Started
2. Dashboard Overview
3. Managing Controls
4. Integrations
5. Security Findings
6. Policies
7. Reports
8. Team Management
9. Settings

Getting Started

Creating Your Account

1. Visit app.insidershield.io/auth/signup
2. Enter your work email address
3. Create a secure password
4. Verify your email address
5. Complete your organization setup

Choosing Your Framework

InsiderShield supports multiple compliance frameworks:

• SOC 2 - Service Organization Control 2
• ISO 27001 - Information Security Management
• GDPR - General Data Protection Regulation
• HIPAA - Health Insurance Portability and Accountability Act

You can select your primary framework during setup, and switch frameworks anytime from Settings.

Dashboard Overview

The dashboard provides a real-time view of your compliance posture:

Security Score

Your security score (0-100) represents your overall compliance health:

• 90-100: Excellent - Audit ready
• 75-89: Good - Minor gaps to address
• 50-74: Fair - Several improvements needed
• Below 50: Needs attention

Key Metrics

• Controls Implemented: Number of controls marked as implemented vs. total
• Active Findings: Current security issues requiring attention
• Integrations: Connected services being monitored
• Policy Coverage: Percentage of required policies in place

Recent Activity

View real-time updates on:

• Control status changes
• New security findings
• Integration sync events
• Team member actions

Managing Controls

Controls are security requirements defined by your chosen compliance framework.

Control Statuses

• Not Started: Control not yet implemented
• In Progress: Evidence being collected
• Implemented: Control active with evidence
• Auto-Detected: Automatically verified via integrations

Implementing a Control

1. Navigate to Dashboard → Controls
2. Click on a control to view requirements
3. Click Attest to provide implementation evidence
4. Upload supporting documentation or add notes
5. Submit for admin approval

Uploading Evidence

Evidence can include:

• Screenshots
• Configuration exports
• Policy documents
• Training records
• Audit logs

Supported formats: PDF, PNG, JPG, CSV, XLSX, TXT (Max 10MB)

Auto-Detection

Some controls are automatically verified through integrations:

• GitHub: Branch protection, 2FA requirements
• Google Workspace: MFA enforcement, admin settings
• Slack: Security configurations

Integrations

Integrations enable automated compliance monitoring.

Connecting GitHub

1. Go to Dashboard → Integrations
2. Click Connect GitHub
3. Authorize the InsiderShield GitHub App
4. Select repositories to monitor
5. Wait for initial scan (2-5 minutes)

Monitored Settings:

• Branch protection rules
• Two-factor authentication
• Admin access controls
• Repository settings

Connecting Google Workspace

1. Go to Dashboard → Integrations
2. Click Connect Google Workspace
3. Sign in with admin account
4. Grant required permissions
5. Wait for user sync

Monitored Settings:

• User MFA status
• Admin accounts
• Account recovery options
• Suspended users

Connecting Slack

1. Go to Dashboard → Integrations
2. Click Connect Slack
3. Choose your workspace
4. Authorize InsiderShield
5. Configure notification preferences

Features:

• Real-time security alerts
• Finding notifications
• Weekly digest reports

Security Findings

Findings are security issues detected through integrations.

Severity Levels

• 🔴 Critical: Immediate action required
• 🟠 High: Address within 7 days
• 🟡 Medium: Address within 30 days
• 🔵 Low: Address when convenient

Resolving Findings

1. Navigate to Dashboard → Findings
2. Click on a finding to view details
3. Review remediation steps
4. Take corrective action in your system
5. Re-sync integration to verify fix

Bulk Actions

• Filter by severity, integration, or status
• Mark multiple findings as acknowledged
• Export findings to CSV
• Assign findings to team members

Policies

InsiderShield helps you create and manage security policies.

Generating Policies with AI

1. Go to Dashboard → Policies
2. Click Generate Policy
3. Select policy type (e.g., "Acceptable Use")
4. Review AI-generated content
5. Customize as needed
6. Submit for approval

Available Policy Types:

• Acceptable Use Policy
• Information Security Policy
• Incident Response Policy
• Data Retention Policy
• Access Control Policy
• Business Continuity Policy

Uploading Existing Policies

1. Go to Dashboard → Policies
2. Click Upload Policy
3. Select PDF file
4. Choose policy type
5. Submit for approval

Policy Approval Workflow

• Owner or Admin role required to approve
• Approved policies become active
• Version history maintained
• Expiration reminders available

Reports

Generate comprehensive compliance reports for audits.

Creating a Report

1. Navigate to Dashboard → Reports
2. Click Generate Report
3. Select framework and date range
4. Choose report format (PDF or HTML)
5. Wait for generation (1-2 minutes)
6. Download or share via link

Report Contents

• Executive summary
• Controls status overview
• Security findings snapshot
• Policy coverage
• Integration health
• Recommendations

Scheduling Reports

• Weekly: Every Monday at 9 AM
• Monthly: First day of month
• Quarterly: End of each quarter
• Custom: Define your own schedule

Team Management

Invite team members and manage access.

User Roles

• Owner: Full access including billing
• Admin: Manage controls, policies, and users
• Member: View and attest controls

Inviting Team Members

1. Go to Dashboard → Settings → Team
2. Click Invite Member
3. Enter email address
4. Select role
5. Send invitation

Removing Members

1. Go to Dashboard → Settings → Team
2. Find team member
3. Click Remove
4. Confirm action

Settings

Organization Settings

• Organization name and industry
• Primary compliance framework
• Time zone and region
• Logo upload

Billing

• View current plan (Free, Pro, Enterprise)
• Upgrade or downgrade plan
• Update payment method
• View usage and limits
• Download invoices

Notifications

Configure how you receive alerts:

• Email: Immediate, daily digest, weekly summary
• Slack: Real-time notifications (requires integration)
• In-App: Always enabled

API Keys

Generate API keys for programmatic access:

1. Go to Settings → API Keys
2. Click Create API Key
3. Enter key name and scope
4. Copy key (shown only once!)
5. Use in API requests

Security: Treat API keys like passwords. Never commit to version control.

Best Practices

Regular Reviews

• Review findings weekly
• Update control evidence monthly
• Sync integrations daily (automatic)
• Generate reports quarterly

Team Training

• Train team on control requirements
• Share policy documents
• Conduct compliance workshops
• Document processes

Audit Preparation

• Generate pre-audit reports
• Review all control evidence
• Update policies
• Verify integration health
• Export activity logs

Troubleshooting

Integration Not Syncing

1. Check integration status in Dashboard → Integrations
2. Verify OAuth permissions haven't expired
3. Click Re-sync manually
4. Contact support if issue persists

Control Evidence Rejected

• Review rejection reason from admin
• Provide additional documentation
• Clarify implementation details
• Resubmit for approval

Missing Permissions

• Contact your organization Owner or Admin
• Verify your email is correct
• Check spam folder for invitation
• Request role change if needed

Getting Help

• In-App Chat: Click chat icon in bottom right
• Email: support@insidershield.io
• Documentation: docs.insidershield.io
• Status Page: status.insidershield.io

Keyboard Shortcuts

• Cmd/Ctrl + K: Open command palette
• G then D: Go to Dashboard
• G then C: Go to Controls
• G then F: Go to Findings
• G then P: Go to Policies
• ?: Show keyboard shortcuts

---

Need more help? Contact our support team at support@insidershield.io