Summary
Cleo, an energy management software platform from Polara Energy, a fast-growing Quebec-based EV charging solutions provider, needed SOC 2 compliance to unlock key contracts and scale.
Cleo's development team led the project. They chose Strike Graph for its all-in-one compliance automation platform, which includes integrated audit support, pen-testing, templates, and responsive guidance.
The result? Cleo cut compliance prep time by 80%, passed SOC 2 Type 1 twice, accelerated their path to Type 2, and gained critical structure to mature security and development practices across the software team.
Starting compliance from scratch as a small startup
Started only in 2022, Cleo faced the dual challenge of building its smart charging management platform while structuring its internal framework. “We were at the stage of implementing mature software processes,” said Jessy St-Pierre, a DevOps engineer who helped lead the project. “One of the hardest parts was scoping the project.”
SOC 2 compliance was essential early on to meet customer requirements and drive Cleo’s business growth. “Some of our main initial clients required us to have a SOC 2 certification for contractualization,” explained Edouard Labbé, a developer who worked alongside Jessy. “That was one of the decision-making criteria for many major clients.”
Before Strike Graph, Cleo had no dedicated compliance tool, and it was difficult to structure the documentation needed for SOC 2 certification. They needed a structured approach quickly, or they risked missing out on critical contracts and slowing down their growth.
Cleo selected Strike Graph after evaluating other solutions, citing the bundled services and hands-on guidance as key differentiators.
“What was really interesting compared to other offers was the package that came with it,” said St-Pierre. “You bundle the audits, pre-audits before the real audits, the pen test, and the guidance from a dedicated CSM. That’s what differentiated Strike Graph — all in one.”
Strike Graph’s combination of platform tools, frameworks, pentesting, and responsive customer support meant Cleo could move confidently through the complex SOC 2 process without needing expensive consultants.
By integrating Strike Graph with SharePoint, Cleo created a centralized documentation hub that saved significant time and eliminated manual work. Of their 108 evidence items, 105 are set up with automated collection.
“It was night and day,” said Labbé. “At first it was difficult to understand where everything was. Once we integrated SharePoint with Strike Graph, it was really the way to go.”
Automation didn’t just streamline processes; it also enables Cleo to scale toward SOC 2 Type 2 with a leaner team. In year one, achieving Type 1 readiness took around 7–8 months and involved a team of 5–7 people. In year two, it took only 2 months and two people.
“We saved about 80% of the time,” said St-Pierre. “Without Strike Graph, I wonder if we would have actually achieved it.”
Today, Cleo is finalizing their move from SOC 2 Type 1 to Type 2, using Strike Graph as their project management platform for ongoing compliance.
“The platform helped us pinpoint which processes weren’t mature yet,” said Labbé. “I used Strike Graph’s framework to build a business case to management, showing exactly what we needed to achieve Type 2.”
Beyond compliance, Strike Graph helped Cleo continuously improve their software development practices, from integrating their project management tool into their development workflow to improving code review processes.
“The SOC 2 certification gave weight to push better practices,” explained St-Pierre. “Before, it felt like noise. Now, it’s a priority.”
Achieving SOC 2 certification didn’t just check a box — it helped Cleo:
“The work we did for SOC 2 greatly streamlined the security requirement for the carbon credits audit,” said Labbé. “Having the documentation and processes ready made a huge difference when the auditors asked for data security related proofs.”
After focusing on completing their Type 2 certification by the end of 2025, Cleo is also interested in exploring Strike Graph’s newest innovations, such as the SBOM Manager and Verify AI.
“The Strike Graph platform, the guidance, the templates — it’s all incredibly helpful,” said Labbé. “We would definitely recommend it to others starting their compliance journey.”