DocuPhase: 50% less work with multi-framework mapping

DocuPhase shifted from a reactive to proactive security approach and cut their HIPAA work in half with Strike Graph. 


Clearwater, FL

Automation and integration services for financial teams
Security compliance Designing security programs Management SOC 2 HIPAA

DocuPhase offers intelligent automation solutions tailored primarily for modern finance teams including accounts payable and accounts receivable automation, intelligent data capture, financial record management, and various other integrations and automations. DocuPhase processes an impressive 10 million invoices annually and engages with over 125,000 suppliers for invoice and payment processing. 

The challenge 

Nicholas D'Amico, DocuPhase’s IT cloud operations manager, was unhappy with the company’s current compliance consultant, which relied on traditional security and auditing approaches. He found the existing process to be overly complex and drawn out — more reactive than proactive. 

He knew he wanted to find a new compliance solution with a modern, proactive approach that required less time and fewer resources.

The Strike Graph partnership

Strike Graph’s all-in-one compliance and certification platform fit the bill. 

Both D’Amico and Paul Gagne, DocuPhase’s VP of security and compliance, found that Strike Graph allowed them to maintain security consistency throughout the year — not just in the last-minute push before an audit. This has meant less scrambling and more peace of mind.

“I prefer to stay ahead of security requirements and have it be easy when it comes to the actual audit itself, instead of inundating yourself with last-minute audit prep,” says Gagne.

Several features stood out to D’Amico and Gagne as pivotal in making the security compliance process easier and less resource intensive:

  • Automated evidence collection — Gagne’s favorite Strike Graph feature is the ability to easily refresh evidence, like company policies, to the newest version with a single click.
  • Easy-to-navigate process — The DocuPhase team found the process of identifying risks, implementing controls, and automatically attaching evidence to be intuitive and simple. 
  • Expert support — Strike Graph offers an extensive education resource library and in-platform educational tips. And, our customer success experts are there if more support is needed.

The outcome

Strike Graph has allowed DocuPhase to shift into a robust, proactive security stance that saves the company time, resources, and worry. 

The preparation enabled by the Strike Graph platform meant only minor follow-ups were required during the company’s most recent audit. And, the DocuPhase team has found that being able to easily share out its SOC 2 report to prospective customers immediately positions DocuPhase as a trusted partner and alleviates the need for lengthy security questionnaires.

 What’s next?

DocuPhase is currently working toward HIPAA compliance. Because of Strike Graph’s multi-framework mapping capabilities, 50% — fully half — of the controls and evidence necessary for HIPAA were already satisfied in the platform. This has saved the company a tremendous amount of time and resources.

“As soon as I went into the Strike Graph platform and that framework was turned on, I could see that we only had 50% to do for HIPAA,” said Gagne. “If we had used a different firm for HIPAA, then we wouldn't see that overlap. We'd have to do it all over again.” 

DocuPhase is continuing to expand its security program with other frameworks and looks forward to continuing to work with Strike Graph in the future. As D’Amico puts it — “I don't think we're going to be changing vendors anytime soon." 

  • copy-link-icon

    Copy URL

  • facebook-icon
  • linkedin-icon

Strike Graph’s pre-audit security packet not only streamlined and simplified our SOC 2 compliance efforts, but it even helped us earn the confidence of a valued customer.


Chief AI Officer, Foundation AI

Are you ready to build trust through cybersecurity?