ORM Technologies: SOC 2 30% faster

LOCATION

Dallas, TX

INDUSTRY
Sales and marketing analytics
Security compliance, Measuring/certifying security programs, Boosting revenue, SOC 2

ORM Technologies, a leader in B2B Predictive Revenue Analytics, based in Dallas, Texas, provides software solutions that help companies analyze sales and marketing performance, predict future revenue, and prescribe action. ORM brings go-to-market analytics into one platform to provide everything from multi-touch attribution to pipeline forecasting and AI that picks which accounts to target.

The challenge

ORM Technologies handles an extensive amount of data, including personally identifiable information (PII). Because of this, it’s essential that the company be able to consistently demonstrate robust data security and privacy measures to its customers. 

When ORM Technologies first decided to pursue SOC 2 compliance, they did so with the help of a traditional audit firm. While this method allowed the company to pass its SOC 2 audits, the process left much to be desired.

Pete Furseth, chief operating officer at ORM Technologies, says, “Prior to Strike Graph, we were working directly with an audit firm. They were fine … but the process was cumbersome.” 

Furseth says working with the audit firm was tedious, especially for his small team. One of the biggest setbacks was that the firm gave them no guidance. His team would upload a document, then the firm would review it and tell the ORM team if the document needed to be “looked at.” 

Without guidance, sometimes ORM would have to update documents several times before they were approved by the audit firm. And, on top of that, the audit firm’s software lacked a way to keep track of document versions, which Furseth says made it a “nightmare” to sort out updated copies of the same document.

When the next year rolled around, and it was time to renew, Furseth knew he needed to find a different approach to getting SOC 2 compliant.

The original SOC 2 process “was a heavy lift,” said Furseth. “Year two came around and we would have had to do it all again. We would have had to re-upload everything, redo documenting everything, and restate things that had already been stated. It would have effectively been starting from scratch.”

Furseth understood that starting from scratch with the audit firm would be a massive commitment for their first and future renewals and for any new framework ORM needed to add. He knew the company needed a more efficient way to get SOC 2 compliant.

The Strike Graph partnership

Strike Graph was Furseth’s first choice. The platform was competitively priced and promised two things:

  • A streamlined experience that eliminates unnecessary manual work
  • Simplified security compliance accessible to small teams

Strike Graph is designed to simplify the compliance process for security novices and experts alike. With no prior compliance experience, Eric Houtman (the software developer who stepped in to head up ORM’s security efforts) was able to navigate the SOC 2 renewal process, thanks to Strike Graph’s in-platform tips, straightforward process, and in-depth educational resources.

“Strike Graph was truly best in both efficiency and as a learning tool,” says Houtman. “It's having that simplified, step-by-step process where everything is laid out for you, and you're given support to make sure you reach that goal in the clearest way possible.”

He and his team successfully renewed ORM’s SOC 2 attestation in a matter of only a few weeks using Strike Graph. 

Furseth and Houtman say a number of Strike Graph features contributed to the company’s SOC 2 success:

Compliance dashboard

The security dashboard was essential to keeping track of the team’s progress. Not only did it provide an overall status report, but it also kept Houtman up to date on evidence that still needed to be attached, control status, who was assigned to which task, and other important operational details. This made it easy for him to quickly understand where the team was in the SOC 2 renewal process and which steps they should take next.

Automated evidence collection

Being able to assign evidence to each control and then let Strike Graph’s low-code, secure integrations do the grunt work of evidence collection let the ORM team put their energy toward more strategic tasks. “With the audit firm, we were constantly updating documents, and version control became a nightmare,” says Furseth. “The ability with Strike Graph to point directly to where a document resides in the cloud is a big deal.” 

Control library

Strike Graph’s control library made it easy for ORM to mitigate their company’s unique risks, giving the flexibility to use the platform’s ready-out-of-the-box controls or customize controls for ORM’s specific scenario. 

Templates

Templates played a big part in allowing ORM to renew their SOC 2 attestation quickly. Before switching to Strike Graph, the team had to create all of their policies and procedures from scratch. Strike Graph gave them a library of templates to choose from and customize, which sped up the process immensely. Houtman says ORM completed the SOC 2 renewal “30% faster because we were jump-started by the templates that Strike Graph provided. We went from having nothing to automatically having templates to work off of, which sped things up immensely.”

Trust asset library

Strike Graph’s trust asset library gave ORM a centralized place from which to share all their trust assets, like certifications, pen tests, and privacy policies. This feature makes it easy for everyone to access these important documents for client security reviews and for certification processes.

Educational resources and guidance

Strike Graph’s educational resources and team of experts smoothed the process for ORM. “Our customer success manager was very helpful in the process,” says Furseth. “It was nice to have a point of contact where we could direct all our questions and have them answered in a timely fashion.”

The outcome

Thanks to Strike Graph’s streamlined compliance process, the ORM Technologies team was able to renew their SOC 2 attestation in a fraction of the time it would have taken with their previous audit firm. 

And, they’re continuing to build on that success. “Client security review has been drastically diminished thanks to the Strike Graph platform,” says Furseth. Security questionnaires used to take ORM up to a month to complete, but thanks to Strike Graph, it now takes the company less than a week. “That's a really tangible, quantifiable result of having done the work with Strike Graph,” says Furseth.

Being able to complete client security reviews faster opens the door for ORM Technologies to onboard more clients in a shorter amount of time, growing revenue opportunities. Strike Graph isn’t just important because of the sales process, though, says Furseth. “We believe best practices are important. It’s an important part of who we are. So, we make sure that we’re aligned with best practices by doing an audit like this. And we feel good about that.”

Houtman agrees that achieving SOC 2 renewal with Strike Graph has increased the level of trust ORM’s clients have in the company. “We're able to go and talk to clients and completely 100% reassure them that everything will be safe and secure,” says Houtman. 

What’s next?

ORM is considering pursuing ISO 27001, especially since Strike Graph makes it easy to leverage existing controls to scale up to multiple security frameworks with no need to start from scratch. And, the team looks forward to continuing working with Strike Graph for next year’s SOC 2 renewal. “With Strike Graph,” says Furseth, “we know that the second audit will require even less effort.”
