Before implementing Strike Graph, Black Mountain Software’s compliance efforts were largely ad hoc.
“Prior to Strike Graph, we tried to secure what we could, but the efforts were not nearly as focused as we are now. We had looked at setting up a NIST framework within Jira; we looked at a few other tools, but there was nothing as well-organized as Strike Graph.”
Managing policies and company compliance was manual and fragmented. Melissa Sneed, Security Officer at Black Mountain, recalls the challenge:
“I watched a bunch of YouTube videos on how to set up our own in Jira using Google Forms and Sheets, and it just wasn't a really great fit — it felt very disorganized.”
When a large potential client required SOC 2 certification, Black Mountain began searching for a solution that could simplify the entire process and provide transparent pricing.
“So once we got in touch with Strike Graph, it was very appealing that it was an all-in-one package – we pay one fee, they helped us get everything assembled, they engaged an auditor and provided them a copy of all the evidence, then the auditor completed the audit – there was no additional work on our end. And after the fact, it’s been really nice because we now have a repository of information that anybody can go to if they’re curious about anything we’re doing control-wise.”
“I was very nervous about going through our first SOC 2 certifications and audits, and they've made them as painless as possible — I couldn't ask for anything better.”
- Melissa Sneed, Security Officer
Melissa recently began using Strike Graph’s Security Questionnaires, powered by AI Security Assistant, to manage vendor assessments and security questionnaires — a major source of manual work.
“I just recently tried out the AI feature for checking a vendor questionnaire against our control list and it turned out really nice. That was super slick that it could go through and tell you what controls applied to each of the questions for the vendor as best as it could, so that'll save a bunch of time in the future.”
She estimates she handles 15 to 20 questionnaires a year, each of which used to take hours.
“Those would take me 2–3 hours easily. Now it takes me 15 minutes to run, then 20 minutes to review and write what it didn’t know or didn’t answer completely.”
Black Mountain Software uses Strike Graph’s Office 365 and Jira integrations to automate evidence collection.
“The Office 365 integration has been great because it will just pick up whatever is in the folder – the most recent item. It’s made life so easy. If we didn’t have the integrations through Strike Graph, it would at least double the collection time.”
“It is really nice to see the new features here and there, and I was thrilled when I saw that Integrations will start automatically picking up the most recent file in a folder.”
From setup to daily use, Melissa found Strike Graph to be easy to navigate and well-supported.
“The Strike Graph platform is awesome because it gives you email reminders when things are coming up due and gives you a place to really just organize everything.”
“I love the dashboard view of what evidence items are coming up due – if I get my hustle on, can I submit five things and then be back on track for compliance again?”
“Customer support has been super responsive — anytime I request any assistance, it's usually an answer in the same day, if not within the hour or two. Every interaction has been great, super helpful.”
She also praised the help documentation and templates:
“For every single evidence item, there is a help documentation link that will give you pertinent information about what the auditors are going to be looking for. The templates for various policies were super helpful as well.”
The team plans to tackle SOC 2 Type 2 next. And as the company grows, Melissa anticipates expanding compliance efforts to additional frameworks.
“Strike Graph makes it very easy to add on other frameworks, which is really nice. If we ever wanted to add on NIST or FedRamp, we would already have the evidence items in place for a number of the controls for both of those as well.”
“If you have the opportunity to get Strike Graph, do it. They will make your compliance efforts as easy as possible. I really am just surprised at how a big, scary task has been broken down into multiple manageable ones. You can recruit help easily through the platform. All in all, just an overarching positive experience — I would highly recommend Strike Graph.”