Achieving compliance with HIPAA and SOC 2

Learn how GoReact — an award-winning, cloud-based video recording and feedback platform — obtained SOC 2 and HIPAA compliance in a matter of just weeks thanks to Strike Graph.
Location: Orem, UT
Industry: E-learning


GoReact is an award-winning, cloud-based video recording and feedback platform that helps students and educators improve their skills. It’s used by over 1,000 colleges and universities around the world. All of its features are aimed at creating a seamless and effective learning experience that helps people improve their skills and achieve their goals.

The Challenge

As a result of its recent growth, GoReact decided it had to prioritize its security and privacy program to meet the security requirements of its current and future customers. The company already believed it had a strong security posture, but it needed to verify compliance with both HIPAA and SOC 2 since it handles sensitive data for educational institutions, including health training facilities. 

While GoReact was fairly confident it didn’t have far to go to reach compliance, thanks to strong existing policies, the company’s leadership felt it was important to work with a platform that would help fill in the blanks and simplify the process. As Aaron Gibson, VP of technology at GoReact, put it, “I didn’t want to see us get into archaic methodology going after SOC 2.” 

Achieving SOC 2 compliance used to mean tedious manual documentation and audit processes that could take anywhere from several months to more than a year. GoReact wasn’t willing to do that. “It’s the 21st century,” Gibson said, “let’s find a solution that has auditors work within the platform.”

The Strike Graph Partnership

The 21st-century solution GoReact found was Strike Graph. Strike Graph’s all-in-one compliance and certification platform makes achieving both HIPAA and SOC 2 easier and more efficient. GoReact was able to link existing and new controls and policies to both frameworks, where appropriate, cutting the company’s work in half. “Being able to knock them out at the same time was great,” said Gibson. 

Two of the features that Gibson found the most helpful were the ability to see the company’s progress toward compliance at a glance in the dashboard and the clear step-by-step instructions for next steps. Strike Graph's platform enabled GoReact to easily import and map its existing controls and evidence to HIPAA and SOC 2, and the included out-of-the-box controls and templates helped GoReact quickly supplement its existing security measures.

Another feature that GoReact was excited about was automated evidence collection. “The ease with which I can see the control and then map our evidence to that,” said Gibson, “and being able to link evidence found in Google Drive, and then have the automated refreshes of those things were good.”

The Outcome

Thanks to Strike Graph, GoReact was able to achieve compliance with HIPAA and SOC 2 in just three months, a significant time savings compared to the traditional auditing process. In addition, the company was able to avoid the disruptions often associated with big auditing firms.

GoReact is now able to confidently sell to a wider range of colleges and universities. “Strike Graph has been a great force multiplier for us in our readiness to be able to show up to those conversations,” said Gibson. “It's going to transform the way we sell to higher ed.”

What's Next?

While GoReact originally thought it only needed SOC 2 and HIPAA compliance, the company is now planning to pursue other compliance certifications as well, such as NIST 800. Gibson is excited that having overlapping controls and policies already in place in the Strike Graph platform for SOC 2 and HIPAA will make future certifications faster and easier. 

GoReact plans to continue using Strike Graph for their compliance needs. “We feel really great about what we got across the finish line. And now we’re into our first year of maintaining audit compliance. We are completely satisfied with what we accomplished by leveraging Strike Graph,” said Gibson. “Strike Graph will continue to provide tight feedback loops for us to be able to monitor and ensure that we are continuing to collect, process, store, and distribute our customers' data safely and securely.”

 


We knew SOC 2 was a priority and felt like we had good security practices but lacked a real system of organization. Strike Graph's platform allowed us to design our controls in accordance with the SOC 2 criteria and quickly achieve Type 1 compliance. With their help, six months later we were able to complete our Type 2 and secure our contract. Strike Graph was helpful in not only getting through the audit but elevating our internal security discussions as well.

AHRASH BISSELL

President, NROC
