Small team, big results:

Clockwork transitioned from manual compliance tracking in Trello to an automated, AI-driven platform with Strike Graph. 

With just two team members managing compliance, the team achieved SOC 2 Type I in eight business days—saving an estimated 30–50% of their time compared to other platforms. 

Strike Graph’s intuitive dashboards, AI Security Assistant, control templates, and responsive audit process helped Clockwork scale security compliance without adding headcount.

Goal: Reaffirm a strong security posture through SOC 2 compliance

Clockwork is a 23-year-old experience design and technology consultancy serving enterprise clients across regulated industries such as healthcare, finance, and manufacturing.

After years of maintaining strong security practices, Clockwork shifted to cloud-based systems and wanted to reaffirm its controls by pursuing SOC 2 compliance.

“We’ve always had a strong security posture, but we’d never really benchmarked ourselves against the industry. SOC 2 gave us that opportunity.”
— Vincent Cabansag, COO

Manual tracking slowed compliance readiness before adopting Strike Graph

Before Strike Graph, Clockwork tracked policies and evidence through Trello. Partnering with a fractional CISO from Evolve Security, they evaluated multiple compliance software options and ultimately compared Apptiga and Strike Graph.

“We chose Strike Graph because it felt like a customer-centered tool—easy to use, easy to access, and designed like something we’d want to deliver to our own clients.”
— Vincent Cabansag, COO

Strike Graph’s audit-first approach also stood out. Unlike other tools that begin with a gap assessment and require a second round of remediation, Strike Graph’s model—preparing controls and evidence before attestation—was faster and more efficient. 

Vincent notes, “This approach was actually a better, more innovative process. It just made more sense.”

Strike Graph’s templates and automation helped Clockwork finish its audit in record time

“Strike Graph made it much easier to provide our evidence. The templates, integrations, and chatbot saved us an incredible amount of time.”
— Vincent Cabansag, COO

The Clockwork team quickly centralized their policies, controls, and evidence inside Strike Graph. With limited internal resources, Strike Graph effectively became an extension of their team. 

Don Nguyen, IT Ops Specialist, noted that “At my last company, we had seven people doing GRC work. Here, it was just the two of us—and we still achieved SOC 2. Strike Graph basically acted as another person on our team.”

Strike Graph’s AI Security Assistant helped clarify control requirements and guide evidence collection, while prebuilt templates for policies and system descriptions saved 15–20 hours of manual work.

“By the end of week one, we were 95% done. The audit took three weeks total, but we finished in about a week and a half.”
— Don Nguyen, IT Ops Specialist

Favorite features that saved time and improved visibility

• Prebuilt templates: Accelerated policy creation and saved 15–20 hours
  
  
• Dashboard tracking: Flagged evidence expiring within 30 days
  
  
• Google Workspace integration: Streamlined evidence uploads and policy management
  
  
• AI Security Assistant: Clarified control language and evidence requirements
  
  
• Custom export options: Simplified client questionnaire responses
  
  

“It was nice to see the full picture—controls, evidence, and progress—all in one place. I felt confident we were on the right track.”
— Don Nguyen, IT Ops Specialist

Fast, transparent audit process builds confidence 

Strike Graph’s audit process proved fast, organized, and transparent. The team worked closely with their CSM, Lisa, who provided proactive guidance and real-time feedback throughout the process.

“Other audits I’ve done felt like they dragged on for months. With Strike Graph, it was organized, clear, and fast.”
— Vincent Cabansag, COO

“We knew we were going to pass based on our conversations with Lisa. It felt confident and collaborative.”
— Don Nguyen, IT Ops Specialist

Results

• Achieved SOC 2 Type I in just eight business days
  
  
• An estimated 30–50% time savings compared to other platforms
  
  
• Streamlined evidence collection and automated policy tracking
  
  
• Improved visibility and confidence in ongoing compliance
  
  

“Strike Graph helped us demonstrate to clients that our solutions meet SOC 2 Type I controls, strengthening trust and credibility in every engagement.”
— Vincent Cabansag, COO

Looking ahead

Clockwork plans to maintain and expand their compliance program within Strike Graph, potentially adding privacy controls to their SOC 2 scope in the future.

“Maintaining compliance is easier than achieving it the first time—and the platform makes that easy for us.”
— Vincent Cabansag, COO

A strong partnership

From product to people, Clockwork highlighted Strike Graph’s responsiveness and expertise as key to their success.

“We’re highly satisfied customers. We’ll continue using Strike Graph indefinitely. The team, the process, and the technology have all been exceptional.”
— Vincent Cabansag, COO