Sign In

Your company fits our integration perfectly

Strike Graph's evidence integration provides the largest amount of evidence automation compared to any platform on the market. We believe that to be effective and efficient you deserve to customize your compliance. With our integrations you can select any data from your business system. Here is just a sample of the evidence that can be automatically gathered on the Strike Graph platform today.

Any document, your drive.

Google Docs

docs_2020q4_48dp

 

Google Sheets

sheets_2020q4_48dp

 

Google Slides

slides_2020q4_48dp

 

Google Forms

forms_2020q4_48dp

 

Google Drawing

1200px-Google_Drawings_2015_Logo.svg

 

Google Drive

hh_drive_96dp

 

Word

1200px-.docx_icon.svg

 

Excel

1024px-.xlsx_icon.svg

 

PowerPoint

1200px-.pptx_icon_(2019).svg

 

A mountain of audit evidence is needed to support a cybersecurity compliance audit. Consider where the bulk of that information realistically lives. Probably on a shared drive or business cloud solution. We don't offer brittle “one-off” integrations that pigeon hole you into useless controls with only one form of verification. Our approach to integrations, like the rest of Strike Graph, ensures flexibility to support your company's unique evidence requirements.

The Integrated Evidence Catalog

If your evidence typically sits on Google Drive and the processes around it are functioning exactly as you intended, why onboard a handful of disparate controls that you may not really need just to save a small amount of time with audit evidence. Your processes and procedures are unique! Don't get led down a path showing you costly gizmos, when what you have works just fine.

Evidence Name

Evidence Description

SOC 2

Completed Incident Form Provide a recently completed security incident form. CC7.4
Approved Training Request Provide an approved security training request for a recent employee. CC1.4
Employment Status Management Provide a spreadsheet of the current employment status of each employee including at a minimum date of hire and termination. CC6.2, CC6.3
Contractor Status Management Provide a spreadsheet of the current status of individuals from third party vendors including date of provided access and termination of responsibilities. CC9.2, CC6.2, CC6.3
Employee Key/Secret Access List Provide the list of authorized users with access to client secrets, master passwords, and encryption keys. Ensure that everyone on the list is appropriate. CC6.1
Example release checklist Provide a copy of the release checklist which documents the approval step before tested and staged changes are deployed to production environments. CC8.1
Example sprint plan Provide an example sprint plans document showing the work required to test, stage, and deploy a change to production environments. CC8.1
Change Management Processes The adopted product management planning methodology and delivery processes. CC5.2
Acceptable Use Policy An Acceptable Use Policy signed by an employee on-boarded during the year. CC2.2
Access Policy & Procedures The document that details the logical access policy and procedures. CC6.1
Access Removal Process Provide the procedures or checklist used by IT to remove system access when employees are terminated. CC6.2, CC6.3, CC9.2
Acknowledged Code of Conduct Attach a signed (or electronically acknowledged) Code of Conduct for the most recent new hire. CC1.1
All-hands Event For the most recent all hands quarterly meeting, copy of the meeting notes and/or presentation shown during the meeting. CC2.1, CC2.2
Backup Access Process Provide screenshots showing who has access to backups for the in-scope systems. CC7.5, A2.1, PI2.5
Backup Restore Sample Provide the backup restoration procedures/document. CC7.5, A2.2
Board Meeting Notes For the most recent Board of Directors meeting, copy of the meeting notes and presentation shown during the meeting. CC1.2, CC1.1
Breach Response Plan Provide the Organization's breach procedures. It should include: the role of employees in the event of a breach, remediation actions and lessons learned. P6.5, P8.1, P8.1, CC9.2, CC2.3, CC7.3, P6.3
Change Management Policy Provide the Change Management Policy. CC5.3, CC6.8, CC8.1, CC8.1, CC8.1, CC2.2, CC5.2
Cloud Security Review Provide evidence that any items discovered from cloud service security center review for the period were triaged and actioned. CC4.1, CC5.3, CC7.1, CC7.2, CC7.2
Customer Onboarding Process Provide presentation or other materials used to on-board customers. CC2.3
Cyber Security Insurance Provide support showing that Organization carries cyber security insurance for the reporting period. CC9.1
Data Flow Diagram Review Provide the data flow diagram. Ensure that it has a 'last updated' date included and that the date is within the audit period. CC3.2, CC5.1, CC6.1, CC2.2
Data Management Policy Provide the Policy or Procedures governing information categories, usage, storage, and transmission of data. C1.1, P4.3, P4.2, CC6.5, C1.2, C1.2
Data Removal Procedures Guidelines or steps for data removal. P4.3, CC8.1
Disaster Recovery Plan Provide the Organization's Disaster Recovery Plan. CC9.1, A2.1
Emergency Change For a sample emergency change, provide evidence showing when the change occurred within the system and supporting evidence that the change was reviewed and approved in line with the Change Management Policy. CC8.1
Employee Job Descriptions Copy of information of internal users communicated to perform job duties. CC1.3, CC1.4, CC2.2
Employee Screening For the most recent new hire, provide support that they were screened prior to employment. CC1.4
Encryption Key Access Process Provide screenshot or support showing who has access to master passwords and encryption keys and where they are stored. CC6.1
High Risks Screenshot of each High Risk that shows on Export. Show controls activated for each. CC3.2
Incident Notification Customer Sample For an example security incident, provide evidence that appropriate stakeholders were notified. CC2.3, CC7.4
Incident Response Plan Provide a copy of the Security Incident Response Plan/Policy. CC2.2, CC7.3, CC7.4
Information Security Policy Provide the Information Security Policy. CC5.3
Infrastructure Monitoring Alert Configuration Sample alert generated by infrastructure monitoring. CC4.1
Job Interview Notes Provide interview notes for the most recent new employee, and for the most recent new contractor. CC1.4
Job Descriptions Screenshot showing where the information is located. CC1.3, CC1.4, CC2.2
Logical Separation Diagram Diagram describing logical separation in the application. CC8.1
Monitoring and Alerting Policy Documentation shared with the engineering team describing responsibility for responding to alerts. CC4.1, CC5.3, CC6.6, CC7.1, CC7.2
New Contractor Access Sample For the most recent new contractor, provide ticket showing new user access request. CC6.4
New Employee Access Sample For the most recent new employee, provide ticket showing new user access request. CC6.4
Organization Chart Provide the most recent organizational chart. Ensure that it includes the date it was last updated. CC1.3
Password Policy Password complexity requirements applied to end users. CC6.1
Password Policy Exception Approval Document showing CTO approval for Password exceptions. CC6.1
Patch Management Policy Provide the patch management policy or procedures. CC8.1
Penetration Test Results A copy of the annual penetration test report. Provide documentation (ex: remediation tickets) showing that all critical and high risk vulnerabilities discovered were resolved or actioned appropriately. CC2.1, CC4.2
Performance Improvement Plans A recently completed performance improvement plan. CC1.4, CC1.5
Privileged Access Policy Provide the document that addresses policies and procedures for sensitive and privileged access. CC 6.1, CC6.2
Quarterly User Access Review Results of the most recent user access quarterly review. CC6.2
Reference Check: Employee For the most recent new employee, provide a copy of the completed reference check. CC1.4
Risk Assessment Report Evidence showing risks are communicated to management. CC3
Security Training: Current Employee & Contractor For a sample current employee and Contractor, provide evidence showing annual training was completed. CC2.2
Security Training: Recent Contractor For the most recent new contractor, provide evidence showing training was completed. CC2.2
Security Training: Recent Employee For the most recent new employee, provide evidence showing training was completed. CC2.2
Server Room Access Provide a list of users with key access to the on-site server room. CC6.4
Server Room Approval For any users who were given new access to the server room during the audit period, provide evidence that their access was appropriately approved. CC6.4
Signed Code of Conduct A copy of the Code of Conduct signed by the most recent new hire. CC1.1
Signed Non Disclosure Agreement Provide a signed Non Disclosure Agreement for the most recent new hire. CC9.1
Signed Statement of Work Provide an example signed Statement Of Work. CC2.3
Signed Third Party Non Disclosure An example of a signed non-disclosure agreement for a third party with access to personal information. The NDA should be from the audit period. CC9.2
Termination Ticket: Employee For the most recent terminated employee, provide termination ticket. CC8.1
Terms of Service Agreement Screenshot of where in the system a user has to agree to the Terms of Service. Agreement clearly outlines and communicates the terms, conditions, and responsibilities of users. CC2.3, PI1.1
Third Party SOC2 Review The most current SOC 2 report for each subservice organization in scope. CC9.2
Training Materials Provide a copy of the all hands security and privacy training materials from the audit period. CC2.2
Updated Network Diagram Copy of the network diagram, include proof of the last review/update date. CC3.2, CC5.1, CC2.2
Vendor Contract Provide the most recent executed vendor contract showing scope, responsibilities, and security (and privacy, if applicable) compliance requirements. CC9.2

Learn how you can leverage Strike Graph for your cybersecurity needs