The Challenge
NROC was required by North Carolina to have a SOC 2 by the end of 2021. NROC reached out to Strike Graph because they didn’t know where to start. They completed their Strike Graph Risk Assessment and identified existing controls and processes that needed more attention, like user access reviews and more formal change management processes. Within six months, they completed a Type 1 and were so well-positioned with their IT control environment that they were able to complete a Type 2 by the end of the year.
The Strike Graph Partnership
The NROC team is small but focused. “Due to the size of the NROC team, we not only right-sized controls but configured their account to ensure that the frequency at which they monitored their controls made sense,” says Lizzie Whetstone, Director of Customer Success at Strike Graph.
The Outcome
Both the Type 1 and Type 2 audits were clean, and NROC met its commitment to the State of North Carolina. “We not only made North Carolina happy with a timely and clean SOC 2, but we have been able to leverage our SOC 2 to open up revenue and sell into other states,” says Nancy Cook, NROC Managing Director.
What's Next?
The NROC team members appreciate the periodic reminders that assist them in continuously monitoring their controls. With Strike Graph, they are feeling prepared for their next annual SOC 2 audit.