LCvista was referred to Strike Graph by their auditor, as they lacked someone with the expertise or time to oversee all the details of their systems and controls. That, and simply communicating effectively with the auditor and understanding exactly what they were looking for, were LCvista’s primary challenges. “We wanted to be forward-thinking and build good security practices,” says Aaron Duke, CTO at LCvista. “The Strike Graph solution and Customer Success team was instrumental in establishing a solid information security culture at LCvista.”
The Strike Graph Partnership
The CTO worked directly with the Strike Graph Customer Success team to scope and then prepare for their first SOC 2 Type 1. Over the course of three months and with Strike Graph's assistance, the CTO polished up company policies, documented various procedures, conducted a penetration test, led a security training, and prepared his organization for the audit. "Integrating the SOC 2 preparation tasks into our weekly sprint cycle gave me the peace of mind that we would have a successful audit. Using the platform to upload evidence kept everything in one place and easy to track. I am so pleased that Strike Graph was able to adapt to our working environment and cannot imagine going through this without the CSM,” adds Duke.
Post-audit, LCvista also found the Strike Graph expiration feature helpful, as it made it easier for LCvista to keep up with expiring evidence during the SOC 2 monitoring period.
After just under three months of effort, the LCvista team received a clean SOC 2 report. Their auditor was impressed by the thoroughness of the control mapping and shared that the System Description needed only minimal edits. The control mapping and System Description saved LCvista about 40 hours of effort, compared to the time it likely would have taken had they tackled these all on their own.
Following the successful Type 1 engagement, LCvista and Strike Graph moved onward to focus on Type 2, which LCvista proceeded to achieve without a hitch in March 2022.
The LCvista compliance product continues to expand to meet emerging industry needs. They’ve added an additional compliance specialist to their team and will continue to renew their SOC 2 annually.