Strike Graph Blog
Whether you're new to cybersecurity or expanding an already robust security stance, we have resources to support your learning.
Recommended:
Affirming Official’s dilemma: Why security questionnaires fail under CMMC Level 2
CMMC, Risk management, TPRM
How generative AI is changing regulatory compliance (and risks to manage)
AI and automation, Security Architecture
14 CMMC Templates Annotated With Tips from Security Experts
Article summary: Editable CMMC templates cover every required domain and are organized by Level 1, Level 2, and Level 3. Each template helps document real security practices with example evidence, expert tips, and common pitfalls. Level 1 materials s...
CMMC
Definitive CMMC Guide for 2026: Levels, Assessments & Streamlining
Executive summary: CMMC compliance determines whether defense contractors can bid on, win, or continue certain Department of Defense contracts. The CMMC framework has three compliance levels arising from data sensitivity and contract requirements, an...
CMMC, Measuring/certifying security programs, Designing security programs, System Security Plan, Self-Assessments, POA&Ms, Certification
CMMC Gap Analysis for Levels 1-3: Steps, Templates and Examples
A CMMC gap analysis identifies missing controls, evidence, and readiness gaps for CMMC Levels 1, 2, and 3 before self-assessment, C3PAO certification, or government review. The process follows three phases: scoping, assessment, and reporting. Scoping...
CMMC, Measuring/certifying security programs
How to Conduct CMMC Level 2 Self-Assessment: Step-by-Step with Templates
This guide explains the steps to conduct and submit a CMMC Level 2 self-assessment. Get expert tips to avoid common pitfalls and earn your CMMC compliance. Also, get our free templates and interactive tool.
CMMC, AI and automation, Boosting revenue
Security is not one-size-fits-all. It never has been.
Whether through policy templates, "compliance-in-a-box" solutions, or the siren song of a "SOC 2 in 5 days," the security industry has increasingly embraced a dangerous fiction: that your company's security can be copy-pasted from a template.
AI and automation
How to Create an Effective CMMC SSP: Steps, Key Sections, & Starter Kit
What is a CMMC System Security Plan? A CMMC System Security Plan (SSP) is a required compliance document that explains how a defense contractor meets the cybersecurity practices in NIST SP 800-171. It outlines system boundaries, controls, and policie...
CMMC
Can AI perform a security audit? It’s already starting to
The security audit industry is broken.
AI and automation
Five Predictions on CMMC’s Impact to the Defense Industrial Base in 2026
Based on the official DoD Regulatory Impact Analysis, current market indicators, and simple math, here are five predictions for how CMMC implementation will reshape the defense contracting landscape for prime and subprime vendors in 2026.
CMMC
Why AI-Native Compliance Platforms Outperform AI-Enhanced Solutions
Summary: AI-native platforms outperform AI-enhanced ones because they’re built with AI at the architectural core, enabling machine-readable controls, continuous evidence collection, and real-time validation rather than periodic, document-driven checks...
AI and automation
CMMC Level 1 Self-Assessment: Steps, Submission, Free Tools, and Video
Preparing for CMMC Level 1 self-assessment. To prepare for a CMMC Level 1 self-assessment, seek clarity. Locate where Federal Contract Information (FCI) resides, spell out your scope, and gather the policies and records that show how those systems are...
CMMC
How AI Is Transforming CMMC Delivery—and Accelerating Readiness
More than 220,000 organizations in the Defense Industrial Base (DIB) will be required to meet the Cybersecurity Maturity Model Certification (CMMC). Yet many teams still find themselves slowed by manual processes: chasing evidence across departments,...
CMMC, AI and automation
CMMC vs. NIST 800-171: Comparing, Mapping and Streamlining Compliance
Compare NIST 800-171 and CMMC and download our control mapping. Discover how to save time, lower costs, and simplify compliance on your path to DoD contracts.
CMMC, NIST 800-171, Measuring/certifying security programs, Operating security programs, Designing security programs
CMMC vs. ISO 27001: Similarities, Differences, Mapping, and Bundling
Learn how data security standards CMMC 2.0 and ISO 27001 compare in purpose, scope, controls, and processes. Explore our CMMC-ISO 27001 control map, time and cost to implement, and overlap strategies.
CMMC, ISO 27001, Measuring/certifying security programs, Operating security programs, Designing security programs
Why compliance leaders struggle with confidence — and how AI can change that
Only 4.4% of compliance leaders say they’re fully confident in their processes (Strike Graph 2025 State of AI in Compliance Report).
AI and automation
CMMC vs. FedRAMP: Understanding Differences and Which You Need
Understand how CMMC and FedRAMP fundamentally differ despite surface similarities. Experts debunk misconceptions and clarify who needs which framework. Download a free control map for each framework to sharpen your compliance efforts.
CMMC, Measuring/certifying security programs, AI and automation
AI-native vs. AI-powered: Why architecture matters in the age of intelligence
The AI revolution has created thousands of "AI-powered" solutions, but there's a crucial difference between adding AI to existing systems and building from scratch with AI at the center. The distinction between AI-native and AI-powered goes beyond te...
AI and automation, Security Architecture
AI in GRC: How AI Is Transforming Governance, Risk & Compliance
Learn how AI helps businesses manage risk, comply with policies, and make smarter decisions. Explore real-world examples in action today, and see how our experts envision the future of AI in governance, risk, and compliance
TrustOps, AI and automation, GRC
Medical Device SBOMs Simplified: Role, FDA Requirements, Examples & Checklist
SBOMs have become essential to medical device cybersecurity. Learn what SBOMs are, why they matter, and how to stay compliant. Explore the requirements and download our FDA-ready checklist to get started.
HIPAA, MedDev, SBOM, Product features
Automated to AI-Powered Evidence Collection in Compliance: Benefits, Challenges, & Trends
Automation and AI streamline the tedious work of evidence collection for compliance. Learn from experts how to use this emerging technology to lessen compliance headaches and audit anxiety at your company.
CMMC, AI and automation
AI-Powered Compliance Monitoring: Capabilities, Benefits, Examples, and Trends
AI-powered compliance monitoring is transforming risk management from reactive to proactive. Get expert insights into how it works, where the technology is heading, and how you can use it today to keep your compliance program audit-ready.
CMMC, Operating security programs, Designing security programs, Risk management, AI and automation, Product features
Medical device & healthcare SBOMs: Best practices by type and format
This expert guide covers best practices for healthcare SBOMs, including general guidelines and specific tips for IT and medical devices. Learn to optimize SBOM formats and types, and download a free cheat sheet for quick reference.
MedDev, Measuring/certifying security programs
Gen AI, Agentic AI & AGI for Internal Compliance Audits: The Future Has Already Started
AI is transforming internal compliance audits. It reduces manual effort, uncovers risks sooner, and helps teams move faster. This guide shows how audit teams are using GenAI and agentic AI today — and how they can start preparing for what’s next.
CMMC, Measuring/certifying security programs, Operating security programs, Designing security programs, AI and automation
CMMC 2.0 Level 3 Simplified: Steps, Controls and Checklist
Explore CMMC 2.0 Level 3 essentials. Learn whether it applies to your organization and how it differs from Level 2. Dive into new security requirements, find tips to streamline the process, and download a free Level 3 control spreadsheet and task che...
CMMC, Measuring/certifying security programs
Why zero trust architecture is reshaping security and compliance programs
As cybersecurity threats evolve and compliance frameworks grow more complex, traditional security models are showing their age. The old perimeter-based approach—where everything inside the network is assumed to be safe—no longer holds up.
CMMC, IT security, Security compliance, Designing security programs
Why SBOMs are critical for security and compliance in 2025
Software supply chain security has become a top priority for organizations worldwide, and at the center of this movement is the software bill of materials (SBOM).
CMMC, Operating security programs, Designing security programs, SBOM
Simplifying CMMC audits: step-by-step preparation, best practices and checklist
Pass your CMMC audit with confidence using this guide. Learn how audits differ between CMMC levels, and get step-by-step tips from compliance experts on preparing and streamlining. Download a free audit checklist to stay on track.
CMMC, Measuring/certifying security programs, Operating security programs, Designing security programs
Simplifying TISAX Audits: Types, Steps, Streamlining Strategies and Checklist
TISAX audits can feel overwhelming, but you can succeed with the right approach and tools. This guide shares expert tips on preparing for, undergoing, and passing your TISAX audit. Also, get your free audit checklist.
TISAX, Security compliance, Measuring/certifying security programs, Designing security programs
5 reasons not to wait to get compliant with CMMC
A few weeks ago, I had the opportunity to connect with industry leaders and cybersecurity experts at the Southwest Regional CMMC Implementation Conference in Dallas, TX. The following week, my team had the opportunity to attend the Controlled Unclass...
CMMC, Security compliance, Measuring/certifying security programs
How Strike Graph’s unique software architecture has helped shape five years of success
When we founded Strike Graph five years ago, we set out to build a modern governance, risk, and compliance (GRC) system designed for the digital age. We knew that companies needed a more flexible, scalable, and efficient way to manage compliance—one ...
Security compliance, Measuring/certifying security programs, Operating security programs, Designing security programs, Company news
Customer-centric design: The driving force behind Strike Graph’s innovation
At Strike Graph, we believe that the most effective security and compliance solutions are built with a deep understanding of the people who use them. From the smallest to the biggest customers, we want to be a part of their security program. Our goal...
Designing security programs
CMMC 2.0 Level 2 Simplified: Requirements, Steps, Controls List and Checklist
Explore the new CMMC 2.0 Level 2 requirements for defense contractors and learn how to meet them. Get expert tips to save time and money, a task checklist, and a timeline to stay on track.
CMMC, Measuring/certifying security programs
Strike Graph Ranks #1 for Results and Implementation on G2
Celebrating another season of excellence. At Strike Graph, our mission has always been to simplify and revolutionize compliance management, enabling companies to achieve security certifications and build trust. This winter, we’re thrilled to see our e...
Company news
Top 3 predictions for 2025 and the future of enterprise compliance
Today, compliance management is becoming increasingly complex due to ever-changing regulatory demands. Throw on the need to comply with multiple frameworks or support complex organizational structures, and compliance becomes an overwhelming burden fo...
PCI DSS, Measuring/certifying security programs, Operating security programs, Designing security programs, AI and automation
Announcing the launch of enterprise content management at Strike Graph
Managing compliance across multiple locations, products, or subsidiaries is no small feat. For too long, organizations have relied on cumbersome spreadsheets or expensive consulting firms that fail to deliver efficiency. At Strike Graph, we’re redefi...
PCI DSS
PCI attestation of compliance (AOC): components, steps, samples, and starter kit
The AOC is the final hurdle in the PCI DSS process. This post covers everything you need to clear it easily. Explore each section of the AOC, download sample templates, and gain expert tips on leveraging PCI DSS to benefit your organization.
PCI DSS
Breaking Down the Penetration Testing Process: Phases, Steps, Timelines, and Industry-Specific Strategies
Learn the core phases of penetration testing from compliance experts, including tailored approaches for different industries. Explore pen testing timelines and schedules to help you stay on top of each phase and monitor your testing progress effectiv...
Designing security programs
Mastering PCI DSS scoping: categories, steps, and how to reduce scope
The first step of PCI DSS? Nailing your scope. This comprehensive guide covers PCI scoping from A to Z. Experts share how to determine what’s in scope, explain new PCI v4.0 rules, and explore the best strategies to reduce your scope to the essentials...
PCI DSS, Designing security programs
October Product Roundup
Welcome to the first episode of Product Roundup, our new video series where Strike Graph’s CEO, Justin Beals, and Chief Product Officer, Micah Spieler, dive into the latest product releases and industry trends. This month, we’re thrilled to spotlight...
Operating security programs, AI and automation, Company news, Product features
Strike Graph’s strategic approach to AI in compliance
AI is everywhere these days, with companies racing to integrate it into their products, often with mixed results. In the world of security and compliance, incorporating AI requires more than just innovation; it demands rigorous privacy and security s...
PCI DSS, AI and automation
What You Need to Know About CMMC in 2025
Earlier this month, the Department of Defense (DoD) published the new ruling of the Cybersecurity Maturity Model Certification (CMMC), which goes into effect on December 16th. As we near the end of 2024, all companies working with the Department of D...
CMMC, Security compliance, Designing security programs
Strike Graph now offers hosted data within the EU
Strike Graph is proud to announce that we now offer data hosting in the European Union. This added flexibility allows customers with specific EU data privacy and security requirements to store data in compliance with EU data regulations while taking ...
Company news
Penetration testing best practices: ensuring consistent and effective security testing
Penetration testing best practices are essential for effective and consistent testing. By adhering to established guidelines and methodologies, businesses can systematically uncover potential security threats, mitigate risks, and protect sensitive da...
Pen testing, Measuring/certifying security programs, Designing security programs
PCI DSS v4.0 (v4.0.1): Requirements, changes, implementation steps and checklist
PCI DSS v4.0 has started taking effect, and more requirements are coming in 2025. Get ready with our comprehensive guide covering changes and new requirements. Explore our free compliance checklist and expert roadmap to implement v4.0, whether you're...
PCI DSS, Security compliance, Designing security programs
PCI DSS policy essentials: requirements, examples & templates
PCI compliance starts with a solid policy. In this guide, experts share how to write a PCI DSS policy to protect cardholder data and meet the v4.0.1 PCI DSS standards. Explore key sections, download a free template, and customize your policies to mee...
PCI DSS, Security compliance, Designing security programs
Beyond SBOMs: Building a secure future for medical devices
The increasing reliance on connected devices in healthcare has made medical device cybersecurity a top priority. A recent Forbes Technology Council article by Christian Espinosa highlights a crucial development: the FDA's mandate for Software Bill of...
SBOM
Enhancing Infrastructure Security: A Shift Towards HTTP/S Retrieval Systems
For years, the IT industry has been balancing efficiency with security. Efficiency can be gained by relying on 3rd party technology to outsource everything from cloud servers to security tools. But an integration with a vendor can compromise a carefu...
PCI DSS, Security compliance, Designing security programs
Lessons from the CrowdStrike outage: Why verification is the missing piece in modern security automation
Recent events have underscored a critical vulnerability in the cybersecurity industry's growing embrace of automation: the lack of emphasis on robust change management and verification processes. A major outage caused by a bug in CrowdStrike, a widel...
Security compliance, Operating security programs
Navigating GDPR: How to protect data subject rights
Privacy regulations around the world are expanding exponentially as technology advances and customers demand more control and transparency into the use of their personal data. The GDPR has been at the forefront of the digital privacy conversation, an...
GDPR, ISO 27701, SOC 2, Security compliance, Designing security programs
Navigating the Evolving Security Landscape: An In-Depth Look at the Gartner Security & Risk Management Summit
The 2024 Gartner Security & Risk Management Summit (SRMS) in National Harbor, Maryland will take place this June, bringing together security leaders from across the globe to discuss the most pressing challenges and emerging trends in the cybersec...
Company news
Streamlining security compliance: the essential cybersecurity certification roadmap
The pursuit of cybersecurity certifications is a strategic move for organizations looking to protect their data and bolster their reputation. But how to make it happen?
Security compliance
Empowering innovation through customized compliance: the Strike Graph advantage
In the dynamic realm of technology-driven businesses, agility and innovation are not just assets but necessities. As these companies push the envelope of what's possible, the need for equally adaptable compliance solutions becomes essential. Strike G...
Security compliance, Operating security programs, Designing security programs
Simplifying compliance together: Here's what our customers are saying about Strike Graph
At Strike Graph, we've always believed in the power of innovation to streamline and de-stress the security compliance process. It's a philosophy that has driven our platform's design, enabling businesses of all sizes to achieve and maintain key certi...
Security compliance, AI and automation, Company news
Simplifying data security compliance in a complex regulatory landscape
We’ve said it before, and we’ll say it again — data security compliance just keeps getting more complex. You might have noticed that the list of IT security and privacy certifications your company needs keeps expanding. Here’s why.
Security compliance, Designing security programs
Penetration tests vs. vulnerability scans
As the digital landscape evolves, so too does the sophistication of cyber threats. Today, organizations are not just fighting against human hackers; they're up against AI-driven attacks that can learn, adapt, and exploit vulnerabilities faster than e...
Measuring/certifying security programs, Risk management
Decoding the HIPAA Omnibus Rule: A guide for HealthTech professionals
HealthTech is booming — which means incredible innovations and also new cybersecurity vulnerabilities. And government regulators are moving quickly with new recommendations on data security. It’s not a new scenario.
HIPAA, Security compliance, Measuring/certifying security programs, Boosting revenue
The key to understanding SOC reports
In today’s digital world, data security and privacy are essential components of business success. But how do you show that you’re doing what it takes to keep your data secure? SOC reports are one powerful way to prove to current and potential custome...
SOC 1, SOC 2, SOC 3, Security compliance, Measuring/certifying security programs
Strike Graph now supports the HIPAA privacy rule for covered entities!
We’re thrilled to let you in on some big news: Strike Graph now supports the HIPAA privacy rule for covered entities.
HIPAA, Designing security programs, Company news
Strike Graph solves the unique HIPAA challenges of HealthTech
HealthTech companies face specific challenges when it comes to HIPAA compliance — handling increases in transmission of health data over the internet, ensuring the security of data collected by wearable health devices, the proliferation of The Intern...
Security compliance, Designing security programs, Risk management
Risk ownership and scoring: Why Strike Graph is your go-to platform for risk-based compliance
When it comes to risk management, checklists just don’t get the job done. You need tools that allow your company to identify its unique risks and then effectively and efficiently mitigate them.
Security compliance, Designing security programs, Risk management
The essential HIPAA compliance checklist for HealthTech companies
If you’re a leader at a HealthTech company and need to understand how HIPAA applies to HealthTech — as well as how you can reach compliance — then you’ve come to the right place.
Security compliance, Designing security programs
New Strike Graph framework | CIS builds trust without an audit
We at Strike Graph are excited to announce that our platform now supports CIS v8, the latest version of the Center for Internet Security’s framework — a versatile, robust security framework for companies looking to prove their commitment to data secu...
CIS, Designing security programs, Boosting revenue, Company news
Should I get GDPR and ISO 27701 at the same time? Yes!
Should companies pursue GDPR and ISO 27701 compliance at the same time? Absolutely yes! ISO 27701 is designed to work with GDPR and can help your company achieve stronger data protection and privacy while saving time and resources in the process. It’...
GDPR, ISO 27701, Security compliance, Designing security programs
Closing deals the easy way: see what a difference Strike Graph makes
Let's get straight to what's most important to your business: closing deals.
Security compliance, Designing security programs, Boosting revenue
4 trends shaping HealthTech compliance in 2024
In 2023, 93 million healthcare records were exposed in data breaches, shattering trust and costing millions. These breaches not only underscore the urgent need for robust cybersecurity measures but also highlight the complex landscape of compliance f...
Designing security programs, AI and automation
Strike Graph and Judy Security partner to bring the best of security compliance and cybersecurity tech
Innovation benefits from thoughtful collaboration — which is why Strike Graph is pleased to announce a new partnership between Strike Graph and Judy Security, a leading provider of cybersecurity for small and medium-sized businesses.
ISO 27001, GDPR, Security compliance, Company news
Enhancing collaboration and efficiency: the power of control notes and comments
Effective collaboration and customized strategies are essential components of security compliance and TrustOps success. That’s why we’ve added a simple, but powerful, tool to ensure Strike Graph users can streamline their security and TrustOps progra...
Security compliance, TrustOps
Satisfy security demands now with Strike Graph’s security overview
Do you feel like you’re behind in the security compliance game? Are your competitors outpacing you? Even the fastest security certification doesn’t happen overnight, so what can you do in the meantime?
Security compliance, Measuring/certifying security programs, Boosting revenue
$8.5 million in new funding propels Strike Graph’s mission to revolutionize security compliance
In the world of security compliance, Strike Graph is not just a participant but a pioneer, trailblazing a path with our AI-enabled technology and commitment to integrated TrustOps. $8.5 million in new funding (spearheaded by BAMCAP with participation...
TrustOps, Company news
Comparing NIST 800-171 and 800-53: Differences, Mapping, Bundling & Streamlining
NIST SP 800-53 and NIST SP 800-171 are critical cybersecurity frameworks with distinct purposes for different users. This guide compares each with actionable guidance from experts and free control mapping resources to help simplify implementation.
NIST 800-171, NIST 800-53, Security compliance, Operating security programs, Designing security programs
Enhance your security program with these top 5 AI best practices
Artificial intelligence (AI) is playing more and more of a role in today’s security sector. And, as the digital threat landscape evolves, the role of AI in security will continue to expand, providing organizations with advanced tools to detect, respo...
Security compliance, Designing security programs, AI and automation
Take your security program from resource drain to revenue builder
The traditional approach to security compliance has long been a cumbersome and costly affair for businesses. Traditional methods are not only slow and resource-intensive but also fail to convert critical security activities into trust, a key ingredie...
Security compliance, TrustOps, Boosting revenue
7 Strike Graph features that turn anyone into a security compliance expert
New-ish to security compliance and not sure how to best tackle all of the compliance tasks you need to complete? You need a solution that turns you into an overnight expert; you need Strike Graph’s comprehensive compliance platform. Here’s why — our ...
Security compliance, Designing security programs
8 steps for conducting a NIST 800-171 self-assessment
If you're in an organization that handles sensitive information or has contracts with the US government, it's wise to consider a NIST 800-171 self-assessment. This isn't just about meeting regulatory requirements. It's a crucial step in safeguarding ...
Security compliance, TrustOps, Measuring/certifying security programs
Strike Graph’s control library makes mitigating risk a breeze
Once you’ve identified your company’s security risks, the idea of having to mitigate each individual one can feel daunting. Strike Graph has a simplifying solution — our pre-populated control library.
Security compliance, Designing security programs
Save time and resources with Strike Graph’s integrated risk assessment
When it comes to security compliance, let's face it: no one enjoys wading through endless checklists that don’t always apply to their business. It's like going to a mechanic who insists on checking parts your car doesn’t even have. That's why at Stri...
TrustOps, Designing security programs, Risk management
PCI DSS vs. SOC 2: Differences, Overlaps and Streamlining Certifications
Explore how the PCI DSS and SOC 2 standards differ and overlap. Download our free compliance controls mapping, and discover how much time and budget you can save by pursuing both certifications simultaneously.
PCI DSS, SOC 2, Operating security programs, Designing security programs
PCI DSS levels 101: requirements, examples & starter kit
Whether a business runs ten credit cards or 10 million, PCI DSS rules will apply. Explore the different levels and requirements for PCI merchants and servi...
PCI DSS, Security compliance, Designing security programs
Video | Who must comply with PCI DSS?
PCI DSS compliance reduces the risk of intrusions and theft, building trust with cardholders and signaling to the marketplace that your organization takes data and privacy protection seriously. If your business requires you to hold or transfer credit...
PCI DSS, Security compliance, Designing security programs
Video | SOC 2 vs. ISO 27001: Security standards for EdTech companies
Online educational technology has wonderfully diversified learning experiences for students. It has also, however, raised questions about how to protect the student data that must be collected for these technologies to function.
SOC 2, ISO 27001, Security compliance, Designing security programs
7 reasons AI-powered compliance is crucial to your business growth
You've heard a lot about artificial intelligence (AI) lately. That’s because it’s poised to change the way we work. In fact, according to Forbes, 64% of businesses believe that AI will help increase their overall productivity, and 25% of companies ar...
Security compliance, AI and automation, Boosting revenue
12 SOC 2 controls that support CPRA compliance
Leveraging framework overlap is the most efficient way to comply with the growing number of security and privacy requirements.
CCPA/CPRA, SOC 2, Security compliance, Designing security programs
What to expect during your ISO 27001 and/or ISO 27701 audit
The ISO 27001 and ISO 27701 certification processes can seem long and confusing. That’s because the standards are complex. Both require extensive documentation of policies, procedures, and risk assessments. And — because the regulatory environment is...
ISO 27001, ISO 27701, Security compliance, Measuring/certifying security programs
Video | FERPA for EdTech companies
When it comes to student data, educational institutions are intimately familiar with the major piece of legislation surrounding privacy — the Family Educational Rights to Privacy Act, or FERPA. While schools hear FERPA mentioned on a regular basis, E...
SOC 2, Security compliance, Designing security programs
Prep for FedRAMP compliance using NIST 800-53
If your organization is a cloud service provider and wants to do business with the federal government, then you’ll need to be compliant with FedRAMP.
FedRAMP, NIST 800-53, Security compliance, Measuring/certifying security programs, Company news
Everything you need to know about SOC 1
In today's fast-paced, digital-first world, businesses increasingly rely on technology and outsourced services to meet their operational needs. But this reliance on third-party service providers creates a need for greater transparency and accountabil...
SOC 1, Security compliance, Designing security programs
Save time and mental energy with automated evidence collection
It's not enough to put controls in place to address your security risks — you have to prove they're working with evidence.
Security compliance, Operating security programs
How multi-framework mapping can benefit your business
Most mid-sized and larger businesses — as well as many smaller companies — need to maintain multiple certifications and meet multiple security regulations.
Security compliance, Operating security programs, Boosting revenue, Multi-framework
What is SOC 3? And why your business (might) need it
SOC 3 is a type of audit report that provides assurance to customers, users, and stakeholders about the security controls in place within an organization's systems. It stands for “Systems and Organization Controls” and is designed to provide an indep...
SOC 3, Security compliance, Designing security programs
Introducing Strike Graph’s new AI security assistant
We’re excited to announce that Strike Graph is launching our new AI security assistant.
Security compliance, Operating security programs, AI and automation
Why measuring your TrustOps or security program is essential
Welcome back! This is the third and final installment in our three-part blog series about the best way to create your TrustOps or security program.
TrustOps, Measuring/certifying security programs
The ins and outs of operating a TrustOps or security program
This is the second post in a three-part blog series about how to create your TrustOps or security program using three interlocking phases: design, operate, and measure. If you missed the first installment, not to worry: there’s a quick recap below.
TrustOps, Operating security programs
Introducing Strike Graph teams
When it comes to compliance management, it can be difficult to keep everyone in your organization on the same page.
Security compliance, Operating security programs, Company news
How to design your security program
The common wisdom about data and privacy compliance just isn't keeping up with the current business landscape. So what can business and tech leaders do about it? If you want to outpace the competition while creating a security program that will stand...
Security compliance, TrustOps, Designing security programs
Strike Graph’s trust asset library turns compliance into revenue
Trust assets can provide your organization with the very tangible proof it needs to prove that your company is trustworthy, which opens business opportunities and boosts revenue. But how do you make the most of them?
TrustOps, Measuring/certifying security programs, Boosting revenue
Has the Data Protection Act of 1988 been repealed?
With the landscape of privacy and security constantly evolving, it can be a challenge to know when legislation has changed with it – especially older, foundational laws like the Data Protection Act of 1988. And if an older law like this is no longer ...
GDPR, Security compliance, Designing security programs
Is the Data Protection Act of 1988 still in force?
In today’s world of cybersecurity, there are constantly evolving laws and regulations that keep businesses strong against the ever-changing threats that lurk in cyberspace. Knowing the history of influential laws in the cybersecurity industry, like t...
GDPR, Security compliance, Designing security programs
How many controls are there in ISO 27001:2022?
As a quick refresher: controls are actions that mitigate security risks. They’re typically defined by three main factors: who performs an activity, the nature of the action, and how often the action happens.
ISO 27001, Security compliance, Operating security programs
What is FedRAMP and how can you get FedRAMP authorized?
One of the largest buyers of cloud technology is the federal government.
FedRAMP, NIST 800-53, Security compliance, Measuring/certifying security programs
How mature is your security program?
You know you need to address security. Maybe you know which framework is most appropriate for your industry or even already have that certification. But do you know how to get from where you are to a fully mature TrustOps program?
Security compliance, TrustOps, Designing security programs
The Strike Graph HIPAA certification is here!
If you’re looking to prove your business is HIPAA compliant in order to boost your business, then you’ve come to the right place.
TISAX, HIPAA
Collision 2023 – compliance tech to build trust
This one’s for the trailblazers, innovators, tech enthusiasts, and future-forward thinkers! As we gear up for the much-anticipated Collision Conference 2023 in Toronto, there’s one exhibitor that you should have firmly on your radar – Strike Graph.
CPRA, TrustOps, Company news
TISAX requirements
TISAX, which aims to provide a standardized approach to information security across the automotive industry, has certain requirements organizations need to comply with.
TISAX, Security compliance, Designing security programs
TISAX Levels Simplified: Differences, Preparations & Checklists
For automotive vendors, TISAX compliance is no longer optional — it’s a ticket to doing business in the competitive auto industry. This guide compares the three TISAX assessment levels to help you prepare for compliance. Also, get a free TISAX prep c...
TISAX, Security compliance, Designing security programs
Combine software and service to optimize your security program
In today’s data-and-privacy-focused business environment, companies need to pay attention to compliance from day one. All-in-one compliance platforms like Strike Graph make it easier than it’s ever been to design a robust security program. But what i...
SOC 1, Security compliance
Strike Graph now supports TISAX for automotive success
We are thrilled to announce that Strike Graph now supports the Trusted Information Security Assessment Exchange (TISAX) framework, enabling automotive companies and their partners to achieve and maintain compliance with less effort. Whether you are r...
TISAX
TISAX vs. ISO 27001: Similarities, Differences, Mappings & Streamlining
TISAX and ISO 27001 are both data security certifications, but they have different purposes. TISAX applies to the German auto industry and its suppliers. ISO is a global certification for any company. TISAX stands for Trusted Information Security Ass...
TISAX, ISO 27701, Security compliance, Designing security programs
How to become HIPAA compliant — and why you should
Is your business required to be HIPAA compliant? HIPAA violation fines could cost your business millions, so it’s essential to know. Plus, HIPAA compliance can actually help you increase your revenue.
HIPAA, Security compliance, Measuring/certifying security programs
How do I transition from ISO 27001:2013 to ISO 27001:2022?
In October of 2022, ISO 27001 was updated from ISO 27001:2013 to ISO 27001:2022.
Security compliance, Operating security programs
What are trust assets, and how do they grow your revenue?
There are few things more important in the current business climate than building and maintaining customer trust. To truly succeed, companies need to take a proactive approach to trust operations. TrustOps is a holistic approach to building trust wit...
TrustOps, Measuring/certifying security programs, Boosting revenue
What is a chief trust officer (CTrO)
Trust is an important part of any business. In fact, recent reports have found that it’s essential:
Security compliance, TrustOps
What is TrustOps and why does it matter for your business?
Looking to build trust with your customers and partners? You already know that protecting customer information and privacy is key, but it's not just about following policies and procedures.
Security compliance, TrustOps, Boosting revenue
Don’t get caught off guard by the next banking crisis
The collapse of Silicon Valley Bank (SVB) has sent shockwaves through the financial and tech industries, serving as a stark reminder of how quickly a banking crisis can occur. This incident highlights the need for individuals, businesses, and governm...
Security compliance
Who needs CMMC certification?
The CMMC, or Cybersecurity Maturity Model Certification, was established by the US Department of Defense (DoD) in 2019. This allowed them to transition from a process that only included self-attestation of an organization’s basic cyber security lands...
CMMC, NIST 800-171, Security compliance, Designing security programs
How do I conduct a vendor risk assessment?
Conducting a thorough vendor risk assessment can help your business ensure that every company you work with is trustworthy and secure. It can help you avoid bad actors and know that your data is safe with those you do choose to work with.
Measuring/certifying security programs, Risk management
What are the 6 stages of risk management?
Risk management is the identification, assessment, prioritization, and control of an organization’s risk. These risks can be strategic, legal, security, economic, or financial in nature and can stem from myriad sources, including management errors, l...
Designing security programs, Risk management
Everything you need to know about the SOC 2 audit process
Approaching the SOC 2 audit process can be overwhelming if you’re new to the procedure, especially if you’ve been tasked with getting your business SOC 2 compliant ASAP.
SOC 2, Security compliance, Measuring/certifying security programs
How do I become SOC 2 Type 2 compliant?
A SOC 2 attestation is important for those businesses that need to demonstrate they’ve adopted a robust security program to protect the data of their customers.
SOC 2, Security compliance, Measuring/certifying security programs
The difference between SOC 1 and SOC 2
There can be a lot of confusion around compliance frameworks, especially those with similar names like SOC 1 and SOC 2 — which stand for System and Organization Controls — and ISO 27701 and ISO 27001.
SOC 1, SOC 2, Security compliance, Designing security programs
What was the Data Protection Act of 1988?
With new security laws passing every year, and old laws constantly updating, the origins of current regulations can get lost in the haze of the past. But, knowing how current legislation came to be can give you a leg up in understanding the broader c...
GDPR, Security compliance
How Strike Graph's AI-powered platform transforms compliance and accelerates security certifications
For organizations navigating today’s complex security landscape, achieving and maintaining compliance isn’t just about checking boxes—it’s about building a resilient, future-proof security program. Yet, traditional approaches to security certificatio...
Security compliance, Measuring/certifying security programs
Who must comply with SOC 2 requirements
If you’re a business that deals with customer data, SOC 2 is a hot topic in both your security landscape and your pitch for new customers. More and more, potential clients are making SOC 2 compliance an absolute necessity for any vendor they’ll consi...
SOC 2, Security compliance, Designing security programs
Announcing a smarter way to get security certifications
We’re excited to announce that we’ve expanded Strike Graph to include a new integrated solution that allows customers to go through security audits powered by technology at a fraction of the cost and time.
Company news
Can you fail a SOC 2 audit?
Now that we’re in 2023, businesses are prioritizing their security more than ever. Compliance guidelines like SOC 2 are becoming minimum expectations for doing business with a quickly growing number of companies.
SOC 2, Security compliance, Measuring/certifying security programs
How much does a SOC 2 audit cost?
How much does a SOC 2 audit cost? A lot less when you use an all-in-one solution like Strike Graph.
SOC 2, Security compliance, Measuring/certifying security programs
6 types of vulnerability scanning
Don't wait for an attacker to find the holes in your company’s security measures. With vulnerability scanning, you’ll be able to take preventative measures against data theft before it becomes an issue.
Designing security programs, Risk management
What is a network security test?
You’ve spent years developing your software, building your business, and planning for the growth of your organization. You’ve poured your energy and passion into making your vision a reality, and you’re thrilled to see it moving forward.
Measuring/certifying security programs, Risk management
Why are governance, risk, and compliance important?
With new security risks, changing regulatory requirements, and third-party vendors, navigating the security compliance landscape is more complex than ever. But, addressing these challenges is an important step for companies looking to build a reliabl...
Security compliance, TrustOps
Compliance attestation: What it is and how it affects your business
Are you ready to take your business’s security compliance to the next level? Then compliance attestation may be in the cards for you.
Security compliance, Measuring/certifying security programs
Regulatory compliance software: Which should you choose?
Regulatory compliance is a company’s adherence to state, federal, and international laws, regulations, guidelines, and specifications relevant to its business processes and operations.
Security compliance, Operating security programs
The CPRA – California Privacy Rights Act – is here!
The California Privacy Rights Act (CPRA) is one of the most comprehensive consumer protection measures in the United States — and it’s active as of January 1. This new legislation, which replaces the CCPA, is focused on consumers’ right to control th...
CCPA/CPRA, Security compliance
What is a security audit and how can it benefit your small business?
When the average cost of a data breach in the United States in 2022 is $9.44M ($5.09M above the global average), organizations of every size can appreciate the need for a security plan.
Security compliance, Measuring/certifying security programs, Boosting revenue
What is compliance tracking?
Compliance tracking, also known as compliance monitoring, is the process of monitoring and organizing compliance-related information and activities. This process includes quality assurance tests, audits, and inspections — both internal and external —...
Security compliance
Do you need an ISO 27001 audit in 2023? Probably!
In 2023, data security and privacy will remain a top concern for businesses of all sizes. So, it should come as no surprise that organizations are taking more and more measures to keep sensitive information safe. One such measure is ISO 27001 certifi...
ISO 27001
Security compliance for startups: 3 reasons you need to start now
Startups need to take special care to be proactive in ensuring their security compliance, or else they risk tremendous potential costs, financial and otherwise. With your startup’s reputation and financial well-being on the line, there’s no room for ...
Security compliance, Designing security programs
What is the purpose of compliance risk management?
Whether your business is private or public, state or federal, or for- or non-profit, you’re exposed to compliance risk — and you should take it seriously. If you don’t, you could find yourself on the wrong side of laws and regulations, hurt...
Security compliance, Risk management
Strike Graph now offers NIST 800-171
We’re happy to announce that Strike Graph now offers NIST 800-171!
NIST 800-171, Company news
What is cybersecurity governance?
Organizations today are operating in an increasingly complex threat landscape. And without oversight from leadership, cybersecurity threats can slip through the cracks created by a remote workforce or siloed departments. Proactive leadership teams ar...
Security compliance, TrustOps
HITRUST vs. HIPAA
In the world of healthcare, individual patients once felt they had little control over their personal information and who could access it. The Health Insurance Portability and Accountability Act of 1996 — HIPAA for short — was put in place to protect...
HIPAA, Security compliance, Designing security programs
What are the NIST SP 800-171 controls?
IT security has become a necessity in all tech-related industries — not only in the private sector but for companies that work with the federal government, as well. That’s why it’s essential to be aware of the security frameworks (like NIST SP 800-17...
NIST 800-171, Security compliance, Operating security programs
What is an information security policy, and do you need one?
If you’re looking to improve your organization’s data security, you’re probably aware of the dramatic fallout that data breaches can cause. Implementing a strong security policy can help your organization protect end-user data from being exposed, pre...
Security compliance, Designing security programs
What is NIST certification?
NIST compliance — often referred to as NIST certification — is required of any organization that does business with the US government, as well as many state agencies. That’s because, as required by the Federal Information Security Management Act (FIS...
NIST 800-171, NIST 800-53, Security compliance, Designing security programs
What are the 5 steps in the NIST cybersecurity framework?
The NIST Cybersecurity Framework — or CSF — was a result of an Obama-era executive order (Biden released a similar executive order). Essentially, it’s the US Government's take on cybersecurity and data protection best practices pulled from other fram...
NIST 800-171, NIST 800-53, Security compliance, Designing security programs
A cheatsheet for common GDPR terms
Ready to learn all about common GDPR terms like data portability, pseudonymization, icons, security of processing, and more? Then this cheat sheet will help! By understanding these terms, you’ll have a better handle on what’s expected of you and your...
GDPR, Security compliance, Designing security programs
SOC 2 Type 1 vs Type 2 — What’s the difference?
SOC 2 (System and Organization Controls) is one of the most important compliance frameworks for SaaS companies. It deals heavily with IT and security controls, but it also covers business operations that reflect a comprehensive approach to security g...
SOC 2, Security compliance, Designing security programs
What are the 7 types of risk to your business?
Try as we might, there really is no way to have a completely risk-free business. Risk, as it applies to business, is defined by Investopedia as anything that could potentially lower profits, threaten the ability to reach financial goals, or in the wo...
Designing security programs, Risk management
What is required for GDPR compliance?
GDPR, or the General Data Protection Regulation, is Europe’s data privacy and security law. If your business directly targets, collects, and/or manipulates the personal data of EU residents — or does so as a subcontractor of another organization — th...
GDPR, Security compliance, Measuring/certifying security programs
Understanding cybersecurity compliance
When you hear the term cybersecurity compliance, it’s referring to following specific data and security regulations designed to protect the data on computerized systems. Security compliance is often perceived as being overwhelming, but it doesn’t hav...
Security compliance, Designing security programs
How many controls are there in ISO 27701?
If you’re considering ISO 27701 certification, you probably want to understand exactly how many controls you’ll need to tackle to reach compliance. As a quick refresher, a control is a procedure or protocol that a company puts in place in order to mi...
ISO 27701, Security compliance, Designing security programs
What is a vendor risk assessment questionnaire?
The vendor risk assessment questionnaire — also known as a security questionnaire, third-party vendor assessment, or cloud security questionnaire — is a list of technical questions that reveal a company’s security and compliance processes and procedu...
Measuring/certifying security programs, Risk management
Unlock revenue with HIPAA compliance
When you hear the phrase “HIPAA compliance,” you might first think about the effort and resources necessary to meet the Health Insurance Portability and Accountability Act’s many requirements. HIPAA isn’t just a hurdle you have to jump, though.
HIPAA, Security compliance, Measuring/certifying security programs, Boosting revenue
What are the rule exceptions to HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a collection of medical privacy regulations for healthcare organizations handling protected health information (PHI). HIPAA sets the standard for security, privacy, and integrity of p...
HIPAA, Security compliance, Designing security programs
Top 5 things our customers love about Strike Graph
Our customers have spoken — and we have five stars on G2! G2 is the largest and most trusted software marketplace. More than 60 million people use it annually to make smarter software decisions based on 100% validated, authentic peer reviews written ...
Company news
What are the 8 GDPR rights?
If you’re planning to — or already are — doing business in the EU, it’s essential that you comply with the requirements of the General Data Protection Regulation, or GDPR. Achieving GDPR compliance means you’re taking a strong stance to protect your ...
GDPR, Security compliance, Designing security programs
What are the exceptions to CCPA?
You may already know the basics of the California Consumer Privacy Act (CCPA) and understand which types of information it regulates. But, do you know about CCPA exceptions? That’s right, the CCPA exempts certain companies and data types. To find out...
CPRA, Security compliance, Designing security programs
What is a PCI Qualified Security Assessor?
PCI DSS was developed and is regulated by major credit card companies to help organizations proactively protect sensitive customer account data by implementing consistent data security measures.
PCI DSS, Security compliance, Measuring/certifying security programs
Unstructured data and its impact on SOC 2 compliance
Getting a handle on your company’s unstructured data can seem like a big challenge. But you’ll need to make it happen if you want to reach SOC 2 compliance. After all, a SOC 2 attestation indicates that a company has comprehensive information securit...
SOC 2, Security compliance, Risk management
Succeed together — from far apart
The world of remote work is here to stay — whether that’s full-time or part of a hybrid model. But what does this new world of work mean for teams dispersed across the country, or even the globe? While some studies have shown that a shift to remote w...
Company news
Who needs to comply with the CCPA?
The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020 — and ever since it has only become stricter. In fact, each CCPA violation can incur a penalty of up to $7,500.
CPRA, Security compliance, Designing security programs
How much does ISO 27001 certification cost?
You should budget carefully for your ISO 27001 certification. Building a complete ISMS (or information security management system) is no small feat. A lot of variables determine costs, including who will be running the ISMS program, the size of the o...
ISO 27001, Security compliance, Measuring/certifying security programs
ISO 27001 controls
In a world of increasingly frequent cyberattacks, companies need to be sure their vendors take information security seriously. Many turn to ISO 27001 certification (rather than SOC 2) to decide if a potential business partner can protect sensitive da...
ISO 27001, Security compliance, Operating security programs
The HIPAA Privacy Rule: Is your organization a covered entity?
With the passage of HIPAA, the Department of Health and Human Services issued an important regulation to protect patients’ health and personal information: the Privacy Rule. Before we dig into the details of what the HIPAA Privacy Rule is and which t...
HIPAA, Security compliance, Designing security programs
ISO vs. GDPR Compliance: Similarities, Differences, Mappings & Streamlining
GDPR, ISO 27001, and ISO 27701 help protect data privacy and security, but they serve different roles. This guide explains how they compare, where they overlap, and how ISO certification can support GDPR compliance. Also, get a GDPR-ISO control map.
ISO 27001, GDPR, ISO 27701, Security compliance, Measuring/certifying security programs, Operating security programs, Designing security programs
Security frameworks 101
With so many IT security frameworks out there, figuring out which one applies to your organization can be confusing. Below, you'll find details about common frameworks to help you determine which might be right for your organization. The good news is...
Security compliance, Designing security programs
Who must comply with PCI DSS?
PCI DSS compliance reduces the risk of intrusions and theft, building trust with cardholders and signaling to the marketplace that your organization takes data and privacy protection seriously. If your business requires you to hold or transfer credit...
PCI DSS
What are the 3 rules of HIPAA?
When you hear people discuss HIPAA, it’s likely you’ve noticed them mentioning three very important rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. Why do these rules matter? Because failure to adhere to them can result ...
HIPAA, Security compliance, Designing security programs
We achieved SOC 2 Type 2 compliance!
We’re delighted to share that Strike Graph has achieved SOC 2 Type 2 compliance!
Company news
What is TPRM or third-party risk management?
What is TPRM? TPRM refers to third-party risk management and is sometimes used interchangeably with vendor risk management. It is the set of practices that organizations employ to address or minimize the impact and likelihood of cybersecurity events ...
Designing security programs, Risk management
What is summary health information?
HIPAA is a dictionary in and of itself. With so many terms — like summary health information — floating around the Health Insurance Portability and Accountability Act of 1996 (HIPAA), it can be difficult to untangle what they each mean and how they r...
HIPAA, Security compliance, Designing security programs
SOC 1 vs. SOC 2 vs. SOC 3: Differences, Decision Tree, Checklists & AI Efficiencies
Need to understand how SOC 1, SOC 2, and SOC 3 differ? This guide explains how each SOC report works, who needs which one, and when to pursue it. You’ll also get practical checklists, scaling strategies, and expert tips to help you prepare for a succ...
SOC 2, SOC 1, SOC 3, Security compliance, Designing security programs
What is compliance risk?
Compliance risk refers to the financial, legal, reputational, or business impact on an organization of any size or structure of not adhering to a set of standards, laws, or frameworks. Most organizations think of risk in terms of a negative outcome. For...
Security compliance, Designing security programs, Risk management
Get your business ready for the California Privacy Rights Act (CPRA)
On January 1, 2023, the California Privacy Rights Act (CPRA) took effect and replaced the California Consumer Privacy Act (CCPA). Have you made the shift? Having the flexibility to transition your security stance quickly when privacy rights and regul...
CCPA/CPRA
What are the 4 PCI DSS levels?
The four PCI DSS compliance levels explained: The four PCI standards — more commonly referred to as the four PCI DSS compliance levels — are an important component of the PCI DSS certification process. In this post, we’ll take a look at the ins and ou...
PCI DSS
What are the 7 GDPR principles?
As we discussed in our previous post, Chapter 2, Article 5 of the General Data Protection Regulation (GDPR) lays out GDPR’s seven protection and accountability principles. Rather than act as hard rules, these principles serve as an overarching framew...
GDPR, Security compliance, Designing security programs
Comparing ISO 27001 & ISO 27701: Differences, similarities, and dual certification process
As one of the first compliance software companies to offer the ISO 27701 framework after having offered ISO 27001 for a few years, we thought we’d dig into what really sets these two standards apart and what the certification process looks like for e...
ISO 27001, ISO 27701, Security compliance, Designing security programs
The 12 PCI DSS requirements: an in-depth look
As we recently announced, Strike Graph now supports PCI DSS. But a lot of people may still be wondering, what exactly does PCI DSS entail, and what are the requirements? Therefore, we thought we’d use this post to go a bit more in-depth and explore t...
PCI DSS, Security compliance, Designing security programs
From cost concern to opportunity maker
Justin Beals, CEO at Strike Graph sits down with David Penn, Research Analyst with Finovate at the Finovate Spring 2022 conference to talk about the current compliance landscape, finding the right partner, and what is unique about the Strike Graph te...
Security compliance, Boosting revenue
Need a quick guide to GDPR? Start here.
The General Data Protection Regulation, or GDPR, is Europe’s data privacy and security law that went into effect on May 25, 2018. Governed by the EU’s Information Commissioner's Office (ICO), it imposes obligations on organizations around the world t...
GDPR, Security compliance, Designing security programs
Strike Graph now supports PCI DSS
That's right; we now support PCI DSS — also known as Payment Card Industry Data Security Standard — which was created by VISA, AmEx, MasterCard, and Discover to increase cardholder data controls and secure credit and debit card transactions against fra...
PCI DSS, Company news
What is PCI DSS?
Keeping transaction and credit card data secure is critical for any business collecting or storing this information. Listen to compliance experts Justin Beals and Sam Oberholtzer as they share insights about what PCI DSS is, who needs to comply, why ...
PCI DSS
CCPA / CPRA compliance: What you need to know
The California Consumer Privacy Act (CCPA) began as a ballot initiative sponsored by Californians for Consumer Privacy. The CCPA was signed into law on June 28, 2018 by Governor Jerry Brown as Assembly Bill 375 (AB 375), and became effective on Janua...
CPRA, Security compliance, Designing security programs
SOC 2 Report Example
What is a SOC 2 Attestation Report? It’s the pot of gold at the end of the service authorization control (SOC 2) audit journey. These reports—issued by independent CPAs—affirm that a company’s data management practices meet criteria issued by the Ame...
ISO 27701 basics
As you may have recently heard, Strike Graph now supports ISO 27701. In this post, we wanted to explain a little bit more about what ISO 27701 is, why it’s important, and how Strike Graph can help your organization achieve certification. Without furt...
ISO 27701, Security compliance, Designing security programs
Compliance in the education technology industry
What does compliance mean in the education technology industry? Learn more with Justin Beals and Sam Oberholtzer as they discuss the ins and outs of FERPA (Family Educational Rights and Privacy Act) and why compliance in education matters. What is FE...
PCI DSS, Security compliance, Designing security programs
Understanding and accelerating security questionnaires
As more and more organizations migrate sensitive customer data to the cloud, System and Organization Control 2 (SOC 2) compliance increasingly becomes a necessity for doing business. Any company offering software as a service (SaaS) or storing custom...
Measuring/certifying security programs, Risk management
Auditors and security controls: where to draw the line
Gone are the days of letting certified public accountant (CPA) auditors tell you what security or governance controls you need for your organization. CPAs are not experts in security or compliance—they are experts in testing and quality assurance. Li...
Security compliance, Measuring/certifying security programs
The six stack: 6 software solutions for startup success
Choosing the right software for managing your business can be a daunting task, especially for the startup. On the one hand, technology has made it easier and more efficient than ever to start and run a business. But on the other, with so many options...
IT security
Strike Graph compliance made easy
SOC 2 is vital to building trust with potential clients and growing your business. Strike Graph's flexible platform empowers you to design a security program that fits your business needs. Strike Graph is a compliance SaaS solution simplifying securi...
Cybersecurity Frameworks 101
With so many IT security frameworks out there, figuring out which one applies to your organization can be confusing. In this blog, we’ll focus on frameworks that can be audited or certified against. This is not to say that frameworks such as COBIT or...
12 vendor management best practices
Prospects increasingly demand assurances about an organization’s security stance, as well as that of their vendors. Businesses are now called upon to evaluate the criticality of a vendor, the services provided by each, and the access they have to sen...
Security questionnaires, Operating security programs, Risk management
AICPA guidance and SOC 2 audit practices
Join Strike Graph CEO Justin Beals as he discusses the nuances and intricacies of SOC 2 audits, AICPA's guidance, and the direction in which that guidance might be moving with audit experts Sam Oberholtzer and Michelle Strickler. Please enjoy a trans...
SOC 2, Security compliance, Measuring/certifying security programs
How our customers achieve success with flexible compliance management
Written by Jordan Bellman. In my experience as a Manager of Customer Success at Strike Graph, I’ve become quite familiar with the trends in my customers’ anxieties as they embark on their maiden SOC 2 voyage. One of the most common questions I get ask...
Security compliance, Boosting revenue
The differences between ISO 27002: 2013 and ISO 27002: 2022
You’re probably already familiar with ISO 27001, which establishes a framework for how organizations should manage the security of their data via an Information Security Management System, or ISMS. But what is ISO 27002?
ISO 27002, Security compliance, Designing security programs
Penetration testing costs: Key factors, pricing insights and cost management
The cost of penetration testing varies widely due to factors such as company size, environment, type of penetration test, and security goals. Understanding your organization’s security goals and compliance requirements determines the scope and depth ...
Pen testing, Measuring/certifying security programs, Risk management
Strike Graph now supports ISO 27701
Did you know that we now support the International Organization for Standardization (ISO) 27701 standard? This new addition to our framework library is standard for privacy information management and helps companies stay ahead of the compliance curve...
ISO 27701, Company news
Understanding regulation, security, governance, and compliance
Confused about all the jargon and buzzwords in the cybersecurity world? Regulation, security, governance, compliance ... What's it all mean, really? Justin Beals, CEO and Co-Founder of Strike Graph, joins Sam Oberholtzer, Director of Sales Engineerin...
Security compliance, TrustOps
Antivirus software: helpful or harmful?
Justin Beals and Sam Oberholtzer talk about antivirus and the role (and risk) it plays in security. Do you need to install it on all your computers? Why, or why not? Please enjoy a transcription of the audio recording: Justin Beals (00:02) Hi, Sam, i...
Security compliance, Risk management