Satisfying Customers and Landing More Contracts: NROC’s SOC 2 Journey

Leaders partner with the NROC Project (“NROC”) to imagine, develop, test, and refine technologies that improve student readiness, retention, and success. Learn how Strike Graph helped NROC complete their Type 1 and Type 2 audits, positioning them for more revenue opportunities.


Carmel, CA




The Challenge

NROC was required by North Carolina to have a SOC 2 by the end of 2021. NROC reached out to Strike Graph because they didn’t know where to start. They completed their Strike Graph Risk Assessment and identified existing controls and processes that needed more attention, like user access reviews and more formal change management processes. Within six months, they completed a Type 1 and were so well-positioned with their IT control environment that they were able to complete a Type 2 by the end of the year.

The Strike Graph Partnership

The NROC team is small but focused. “Due to the size of the NROC team, we not only right-sized controls but configured their account to ensure that the frequency at which they monitored their controls made sense,” says Lizzie Whetstone, Director of Customer Success at Strike Graph.

The Outcome

Both the Type 1 and Type 2 audits were clean, and NROC met its commitment to the State of North Carolina. “We not only made North Carolina happy with a timely and clean SOC 2, but we have been able to leverage our SOC 2 to open up revenue and sell into other states,” says Nancy Cook, NROC Managing Director.

What's Next?

The NROC team members appreciate the periodic reminders that assist them in continuously monitoring their controls. With Strike Graph, they are feeling prepared for their next annual SOC 2 audit.

  • copy-link-icon

    Copy URL

  • facebook-icon
  • linkedin-icon

We knew SOC 2 was a priority and felt like we had good security practices but lacked a real system of organization. Strike Graph's platform allowed us to design our controls in accordance with the SOC 2 criteria and quickly achieve Type 1 compliance. With their help, six months later we were able to complete our Type 2 and secure our contract. Stike Graph was helpful in not only getting through the audit but elevating our internal security discussions as well.


President, NROC