Everything you need to know about security compliance
Whether you're new to cybersecurity or expanding an already robust security stance, we have resources to support your learning.
Guides
TrustOps implementation: an in-depth guide
Ready to take a deep dive into TrustOps? This guide gets into the nitty gritty details of how to design, operate, and measure a robust TrustOps program.
June 17, 2024
Guide
The essential TrustOps guide for 2024
If you’re waiting for the right time to tackle TrustOps, this is it. With a little planning now you can be miles ahead of the competition in the coming year, closing bigger deals faster, attracting more customers, and building brand loyalty.
March 01, 2024
Guide
Which security frameworks does my company need?
With so many compliance rules out there, it can feel like framework alphabet soup. In this guide, we go industry by industry so you know exactly what you need.
January 03, 2024
Guide
Will automation boost or break your security program?
AI and automation are great! But using them unwisely can undercut your security program. In this guide, we explore how to take a smart and effective approach.
March 21, 2024
Guides
What is governance, risk, and compliance?
Learn about GRC – governance, risk, and compliance – and how this business-wide strategy compares with TrustOps.
June 17, 2024
Guide
What cannot be shared under HIPAA?
HIPAA doesn’t need to be complicated. Explore our quick overview of what cannot be shared under HIPAA and take the first step toward compliance.
March 06, 2024
Guide
Looking for a SOC 2 report example? Here you go!
This SOC 2 report example contains commonly reviewed SOC 2 security controls and key systems, so you can better understand what to expect.
March 06, 2024
Guides
Is your EdTech security robust enough?
Learn about the security risks EdTech companies face, and how your company can build resilience against threats through cybersecurity compliance.
June 17, 2024
Guide
CCPA vs. GDPR
Don’t know if your organization needs to be CCPA or GDPR compliant? Start here.
March 06, 2024
Guide
What is the ISO 27000 series?
Learn everything you need to know about improving your organization’s information security with the ISO 27000 series standards.
April 24, 2024
Guide
5 things startups need to know about HIPAA compliance
New to the health tech space and unsure about HIPAA? Strike Graph's guide helps clarify the confusion and put you on the right track to compliance.
July 24, 2024
Guide
5 things a founder should know about SOC 2
Unsure where to start on your SOC 2 compliance journey? We're here to help guide you each step of the way.
March 06, 2024
Case Study
ORM Technologies: SOC 2 30% faster
Learn how ORM Technologies achieved SOC 2 30% faster with Strike Graph.
July 24, 2024
Case Study
Visible: Shifting SOC 2 from resource obstacle to marketing asset
Discover how Visible reduced its sales cycle time by 30% using Strike Graph’s compliance and certification platform.
July 24, 2024
Case Study
DocuPhase: 50% less work with multi-framework mapping
Learn how DocuPhase shifted from a reactive to proactive security approach and cut their HIPAA work in half with Strike Graph.
July 24, 2024
Case Study
Catalyst Solutions: From bogged down to boosting sales
Learn how Catalyst Solutions used the Strike Graph compliance and certification platform to overcome significant compliance gaps and reach SOC 2 compliance fast.
July 24, 2024
Case Study
Achieving compliance with HIPAA and SOC 2
Learn how GoReact — an award-winning, cloud-based video platform — obtained SOC 2 and HIPAA compliance in a matter of just weeks thanks to Strike Graph.
July 24, 2024
Case Study
How BioAgilytix got ISO 27001 certified 2x faster
BioAgilytix, a seasoned team of highly experienced scientific and QA professionals, knew that despite their success in delivering best-in-class science, ISO 27001 was outside their scope of expertise. So they came to Strike Graph for help.
July 24, 2024
Case Study
How Strike Graph helped BugSplat move closer to SOC 2 compliance
July 24, 2024
Case Study
Satisfying customers and landing more contracts: NROC’s SOC 2 journey
Learn how NROC completed a Type 1 and a Type 2 audit within one year, positioning themselves for more revenue opportunities.
July 24, 2024
Case Study
Foundation AI: gaining trust and winning deals through SOC 2
Learn how Foundation AI benefited from Strike Graph’s security packet and collected evidence for SOC 2 with minimal effort.
July 24, 2024
Case Study
LCvista saved time, money, and resources with Strike Graph
July 24, 2024
Blog
Lessons from the CrowdStrike outage: Why verification is the missing piece in modern security automation
Wondering which security frameworks might be helpful for your organization? Read on to learn about some of the most common standards and certifications.
July 24, 2024
Blog
Navigating GDPR: How to protect data subject rights
Find out how to navigate GDPR and protect your data subject rights with Strike Graph's easy-to-follow guide. It's all about staying compliant and building trust, the smart way!
July 23, 2024
Blog
Navigating the Evolving Security Landscape: An In-Depth Look at the Gartner Security & Risk Management Summit
Learn how a well-planned cybersecurity certification roadmap can streamline your compliance process, saving time and reducing stress.
July 03, 2024
Blog
Streamlining security compliance: the essential cybersecurity certification roadmap
Learn how a well-planned cybersecurity certification roadmap can streamline your compliance process, saving time and reducing stress.
July 17, 2024
Blog
Empowering innovation through customized compliance: the Strike Graph advantage
Discover how Strike Graph's comprehensive platform transforms compliance for tech-forward companies with customizable controls, collaboration tools, and strategic insights for unparalleled agility and security.
July 03, 2024
Blog
Simplifying compliance together: Here's what our customers are saying about Strike Graph
Discover what our customers are saying about their journey to simplified compliance with Strike Graph! From stress-free certifications to the power of AI and automation, learn how we turn the compliance process into a streamlined, revenue-boosting experience.
July 26, 2024
Blog
Simplifying data security compliance in a complex regulatory landscape
Don’t let compliance with multiple security frameworks bog you down. Strike Graph’s multi-framework data security compliance platform streamlines the process.
July 03, 2024
Blog
Penetration tests vs. vulnerability scans
Learn how pen testing and vulnerability scanning combat AI cyber threats to fortify your data security in our essential guide.
July 26, 2024
Blog
Decoding the HIPAA Omnibus Rule: A guide for HealthTech professionals
Navigate the complexities of the HIPAA Omnibus Rule with insights on achieving and proving compliance, crucial for HealthTech professionals looking to safeguard patient information.
July 26, 2024
Blog
The key to understanding SOC reports
Everything you need to know about SOC 1, SOC 2, and SOC 3 reports, including what’s in them and the benefits they can offer your business.
July 26, 2024
Blog
Strike Graph now supports the HIPAA privacy rule for covered entities!
For covered entities, meeting the standards of the HIPAA privacy rule is non-negotiable. Strike Graph empowers health-sector companies to efficiently meet these requirements and leverage their security measures to build customer trust and outperform the competition.
July 26, 2024
Blog
Strike Graph solves the unique HIPAA challenges of HealthTech
HealthTech companies face unique challenges when it comes to security and privacy — including HIPAA compliance. Here’s how Strike Graph solves them.
July 12, 2024
Blog
Risk ownership and scoring: Why Strike Graph is your go-to platform for risk-based compliance
Risk-based security compliance is a breeze with Strike Graph’s suite of risk-management tools like risk ownership and scoring.
July 03, 2024
Blog
The essential HIPAA compliance checklist for HealthTech companies
Unsure whether your HealthTech company needs to be HIPAA compliant? Here’s how HIPAA applies to HealthTech and a compliance checklist to get you started.
July 26, 2024
Blog
New Strike Graph framework | CIS builds trust without an audit
Strike Graph now supports CIS, a versatile, robust security framework for companies looking to prove their commitment to data security without committing the time and resources necessary to complete a formal audit.
July 03, 2024
Blog
Should I get GDPR and ISO 27701 at the same time? Yes!
Independently, GDPR and ISO 27701 can feel like heavy lifts — tackling GDPR and ISO 27701 together saves you both time and resources.
July 03, 2024
Blog
Closing deals the easy way: see what a difference Strike Graph makes
Independently, GDPR and ISO 27701 can feel like heavy lifts — tackling GDPR and ISO 27701 together saves you both time and resources.
July 03, 2024
Blog
4 trends shaping HealthTech compliance in 2024
4 healthcare and HealthTech compliance trends to watch, and how to protect your organization. Solutions from Strike Graph, a leader in healthcare compliance.
July 03, 2024
Blog
Strike Graph and Judy Security partner to bring the best of security compliance and cybersecurity tech
Innovation benefits from thoughtful collaboration — which is why Strike Graph is pleased to announce we’ll be partnering with Judy Security to bring together the best cybersecurity and security compliance tech.
July 03, 2024
Blog
Enhancing collaboration and efficiency: the power of control notes and comments
Bring real-time collaboration tools to your risk mitigation process with Strike Graph’s control comments and notes.
July 03, 2024
Blog
Satisfy security demands now with Strike Graph’s security overview
You need to get certified — fast. Strike Graph’s security overview gives you immediate proof that you’re in the process of securing your data.
July 03, 2024
Blog
$8.5 million in new funding propels Strike Graph’s mission to revolutionize security compliance
Strike Graph announces $8.5 million in new funding, led by BAMCAP with participation from existing investors Madrona and Information Venture Partners, and Rise of the Rest.
July 26, 2024
Blog
What is the difference between NIST SP 800-53 and SP 800-171?
NIST 800-53 or 800-171? Federal or non-federal? FedRAMP? FISMA? If you need help navigating NIST publications and FISMA audits, read on to learn more.
July 26, 2024
Blog
Enhance your security program with these top 5 AI best practices
Want to use AI tools, but not sure how to use them in your security program? In this post, we show you how to strategically implement 5 AI best practices.
July 26, 2024
Blog
Take your security program from resource drain to revenue builder
Traditional security approaches are inflexible, inefficient, and costly. You need a modern approach that leverages the newest technology to save you time and resources.
July 03, 2024
Blog
7 Strike Graph features that turn anyone into a security compliance expert
Ready to tackle your compliance objectives with the team you have? Here’s how the Strike Graph platform can help — no compliance expertise required.
July 03, 2024
Blog
8 steps for conducting a NIST 800-171 self-assessment
Here’s how to conduct an 8-step NIST 800-171 self-assessment and the boost it can bring to your business.
July 19, 2024
Blog
Strike Graph’s control library makes mitigating risk a breeze
Learn how using the Strike Graph control library makes it easy to put controls in place across multiple frameworks.
July 03, 2024
Blog
Save time and resources with Strike Graph’s integrated risk assessment
Tired of wasting time on checklist approaches to security compliance? Strike Graph’s in-platform risk assessment ensures you’re covering all your vulnerabilities without wasting time and money.
July 03, 2024
Video
Video | PCI DSS vs. SOC 2: Take advantage of the overlap
PCI DSS vs. SOC 2 — Save time and resources by understanding how these two major cybersecurity frameworks overlap.
July 15, 2024
Blog
PCI DSS levels 101: requirements, examples & starter kit
Our compliance experts explain the PCI DSS levels and requirements. Explore the recent changes to PCI DSS and get a free PCI DSS compliance starter kit.
July 24, 2024
Video
Video | Who must comply with PCI DSS?
Wondering if your company is subject to PCI DSS? Read on to learn who must meet PCI DSS requirements and what it takes to reach compliance.
July 15, 2024
Video
Video | SOC 2 vs. ISO 27001: Security standards for EdTech companies
Learn why SOC 2 and ISO 27001 are essential cybersecurity tools for EdTech companies.
July 15, 2024
Blog
7 reasons AI-powered compliance is crucial to your business growth
AI-powered compliance means lower costs, more accuracy, less vulnerability, and faster certification. Here’s how tech-enabled audits make this a reality.
July 03, 2024
Blog
12 SOC 2 controls that support CPRA compliance
Reduce redundancy while ensuring comprehensive coverage — among other perks. Learn how you can best leverage the framework overlap between SOC 2 and CPRA.
July 03, 2024
Blog
What to expect during your ISO 27001 and/or ISO 27701 audit
The ISO 27001 and ISO 27701 certification processes may seem complex, but armed with these tips, you’ll be able to tackle them with confidence.
July 18, 2024
Video
Video | FERPA for EdTech companies
Learn what education’s most important privacy law — FERPA — means for EdTech companies.
July 15, 2024
Blog
Prep for FedRAMP compliance using NIST 800-53
Building towards FedRAMP compliance? Become NIST 800-53 compliant first and you’ll be well on your way.
July 03, 2024
Blog
Everything you need to know about SOC 1
The ins and outs of SOC 1: What it is, why it’s important, who it’s for, the types of reports (including SOC 1 Type 1, SOC 1 Type 2, and SOC 1 Type 3) and more.
July 26, 2024
Blog
Save time and mental energy with automated evidence collection
Automated evidence collection takes the hassle out of a previously manual and tedious process, allowing you to streamline your entire compliance journey.
July 11, 2024
Blog
How multi-framework mapping can benefit your business
Here’s how the ability to map one control to multiple security frameworks can take your business to the next level.
July 26, 2024
Blog
What is SOC 3? And why your business (might) need it
Learn about what SOC 3 is, who needs it, why it’s important, and what the difference is between SOC 1, SOC 2, and SOC 3.
July 26, 2024
Blog
Introducing Strike Graph’s new AI security assistant
Save time and build a culture of trust with our new AI security assistant. Your security compliance team will thank you.
July 24, 2024
Blog
Why measuring your TrustOps or security program is essential
In the third and final installment of our series on TrustOps and security programs, we take a deep dive into how to best measure your program.
July 03, 2024
Blog
The ins and outs of operating a TrustOps or security program
In the second installment of our series, we dive into how best to operate a TrustOps or security program.
July 26, 2024
Blog
Introducing Strike Graph teams
Strike Graph’s new teams feature streamlines collaboration so you can reach compliance faster and more easily.
July 03, 2024
Blog
How to design your security program
When designing your security program, steer clear of expensive consultants and certification-in-a-box approaches — opt for a holistic approach instead.
July 26, 2024
Blog
Strike Graph’s trust asset library turns compliance into revenue
Strike Graph’s Trust Asset Library can help keep all of your trust assets in one central location, making it easier to store, locate, and share them.
July 03, 2024
Blog
Has the Data Protection Act of 1988 been repealed?
Learn about the status of the Data Protection Act of 1988 and the updates it has undergone in recent years.
July 03, 2024
Blog
Is the Data Protection Act of 1988 still in force?
Learn about the Data Protection Act of 1988, how it has changed over time, and where it intersects with GDPR.
July 03, 2024
Blog
How many controls are there in ISO 27001:2022?
With ISO 27001:2022, there are 93 instead of 114 controls, including 11 new ones. In this post we take a closer look at what those are.
July 11, 2024
Blog
What is FedRAMP and how can you get FedRAMP authorized?
FedRAMP is an important standardized approach that agencies can use to assess the use of federal data — read on to learn what that means and why it matters.
July 03, 2024
Blog
How mature is your security program?
Ready to improve your security program, meet compliance requirements, improve stakeholder trust, and increase revenue? Moving up in the TrustOps maturity model makes it happen.
July 03, 2024
Blog
The Strike Graph HIPAA certification is here!
A new HIPAA certification is here. Learn what you need to do in order to achieve certification and how Strike Graph can help.
July 03, 2024
Blog
Collision 2023 – compliance tech to build trust
The leading provider of automated security compliance solutions, Strike Graph, will be at Collision Conference in Toronto June 26-29, 2023.
July 03, 2024
Blog
TISAX requirements
What are the TISAX requirements? What are the labels, and how are they different? Let’s take a deep dive.
July 15, 2024
Blog
Everything you need to know about TISAX levels
Learn what the TISAX levels are, how to reach compliance with each of them, and why maintaining a TISAX label is beneficial.
July 03, 2024
Blog
Combine software and service to optimize your security program
Pairing Strike Graph’s all-in-one compliance platform with a service provider like GoldSky can deliver a turn-key security program.
July 03, 2024
Blog
Strike Graph now supports TISAX for automotive success
Strike Graph is excited to announce that we now support TISAX — the emerging global standard for companies in the automotive industry.
June 29, 2024
Blog
TISAX vs. ISO 27001
What is TISAX? What are the differences between TISAX and ISO 27001? How are they similar? Learn all the answers to these questions and more.
July 15, 2024
Blog
How to become HIPAA compliant — and why you should
Becoming HIPAA compliant can help spare your business from costly violations. Learn more about HIPAA, who is regulated, and how to get compliant.
July 03, 2024
Blog
How do I transition from ISO 27001: 2013 to ISO 27001: 2022?
Learn when you need to transition from ISO 27001: 2013 to ISO 27001: 2022, what’s changing, and what’s staying the same.
July 02, 2024
Blog
What are trust assets, and how do they grow your revenue?
Trust assets, like certifications, prove your company is trustworthy, which boosts revenue — and they don’t have to be difficult to achieve.
July 26, 2024
Blog
What is a chief trust officer (CTrO)?
Learn what a Chief Trust Officer (CTrO) does, why they’re important, and how robust reporting can make their lives easier.
July 18, 2024
Blog
What is TrustOps and why does it matter for your business?
TrustOps is all about building trust with customers and partners. Learn why TrustOps is important for your business and how to get started.
July 17, 2024
Blog
Don’t get caught off guard by the next banking crisis
In light of the SVB crisis, you may be asking what your company should do next. We have the answer — it’s time to mitigate banking risk. Here’s how.
July 02, 2024
Blog
Who needs CMMC certification?
Understanding all the ins and outs of CMMC can be difficult, but we’re here to help. Here’s who needs CMMC certification and how to achieve it.
July 03, 2024
Blog
How do I conduct a vendor risk assessment?
Learn the six stages of conducting a vendor risk assessment and know what types of risk you should be checking for with potential partners.
July 16, 2024
Blog
What are the 6 stages of risk management?
Ready to ensure a strong security posture? Start with risk management. In this post we explain the 6 stages of risk management and how you can prepare for each.
July 15, 2024
Blog
Everything you need to know about the SOC 2 audit process
Need to get SOC 2 compliant ASAP? This guide will walk you through everything you need to know about the SOC 2 audit process so you can go in prepared.
July 26, 2024
Blog
How do I become SOC 2 Type 2 compliant?
Does your organization need to become SOC 2 Type 2 compliant? Here’s how to know, and how to get there if you do.
July 26, 2024
Blog
The difference between SOC 1 and SOC 2
What’s the difference between a SOC 1 and SOC 2? What about a SOC 1 Type 1 and Type 2 and a SOC 2 Type 1 and Type 2? In this post, we break it all down.
July 03, 2024
Blog
What was the data protection act of 1988?
Learn about the history of the data protection act of 1988 and its evolution into the GDPR.
July 26, 2024
Blog
A smarter way to get your security certifications
Strike Graph now includes security certifications. Our all-in-one platform takes you from start to certification — no auditing firm required.
July 03, 2024
Blog
Who must comply with SOC 2 requirements?
Learn about who needs to comply with SOC 2 requirements, and all the benefits of achieving compliance.
July 12, 2024
Blog
Announcing a smarter way to get security certifications
Strike Graph announces a new integrated solution that allows customers to go through security audits powered by technology at a fraction of the cost and time.
July 02, 2024
Blog
Can you fail a SOC 2 audit?
Learn why SOC 2 audits aren’t pass-fail, the importance of an auditor opinion, and how to prepare for an audit.
July 15, 2024
Blog
How much does a SOC 2 audit cost?
A SOC 2 audit costs a lot less when you use an all-in-one solution instead of a traditional auditing firm. Here’s why.
July 03, 2024
Blog
6 types of vulnerability scanning
Are you performing vulnerability scanning? Here’s why you should and what types of scans are available to ensure your business is secure.
July 15, 2024
Blog
What is a network security test?
Learn about network security tests, their benefits, and how Strike Graph can help you with testing.
July 16, 2024
Blog
Why are governance, risk, and compliance important?
Explore why governance, risk, and compliance (GRC) are important for your organization and learn how you can get started.
July 17, 2024
Blog
Compliance attestation: What it is and how it affects your business
Do you know the difference between certification and attestation? In this post we explore what compliance attestation is and how it affects your business.
July 17, 2024
Blog
Regulatory compliance software: Which should you choose?
Regulatory compliance software provides organizations with a framework to stay up to date with regulatory requirements and avoid compliance breaches.
July 26, 2024
Blog
The CPRA – California Privacy Rights Act – is here!
The CPRA went into full effect on January 1, 2023 — is your business ready?
July 03, 2024
Blog
What is a security audit and how can it benefit your small business?
Security audits may seem overwhelming at first, but don't worry — in this guide, we'll break down what they are and how they benefit your business.
July 11, 2024
Blog
What is compliance tracking?
Compliance tracking is the process of monitoring and organizing compliance-related information and activities. Here’s how your business can do it.
July 15, 2024
Blog
Do you need an ISO 27001 audit in 2023? Probably!
Learn why ISO 27001 audits are important for businesses managing sensitive information.
July 02, 2024
Blog
Security compliance for startups: 3 reasons you need to start now
Lack of security compliance could cost your startup millions and ruin your reputation. Learn why you should implement a security plan now for future success.
July 03, 2024
Blog
What is the purpose of compliance risk management?
If your company doesn’t have a compliance risk management plan, you could be facing a loss of reputation, revenue, valuation, and business opportunities.
July 17, 2024
Blog
Strike Graph now offers NIST 800-171
Our NIST 800-171 compliance support can help your organization better protect CUI and even achieve CMMC certification.
July 02, 2024
Blog
What is cybersecurity governance?
Discover how your leadership team can use a cybersecurity governance plan to fortify your organization against increasing cybersecurity threats.
July 18, 2024
Blog
HITRUST vs. HIPAA
Explore the relationship between the Health Insurance Portability and Accountability Act of 1996 and the security framework that proves you’re in compliance with it.
July 03, 2024
Blog
What are the NIST SP 800-171 controls?
Get all the details on the NIST SP 800-171 controls and how they apply to your organization.
July 15, 2024
Blog
What is an information security policy, and do you need one?
Creating a strong information security policy can help your organization prevent data breaches, and more. Discover what your policy should include.
July 03, 2024
Blog
What is NIST certification?
Here’s what your business will need to do in order to obtain NIST certification — actually NIST compliance — including NIST SP 800-171.
July 11, 2024
Blog
What are the 5 steps in the NIST cybersecurity framework?
Implementing the 5 steps in the NIST cybersecurity framework will help your business stay protected against potential security threats.
July 15, 2024
Blog
A cheatsheet for common GDPR terms
There are a lot of GDPR terms, and it can be difficult to keep them all straight. Hopefully this cheatsheet will help you on your journey to GDPR compliance.
July 03, 2024
Blog
SOC 2 Type 1 vs Type 2 — What’s the difference?
SOC 2 is quickly becoming one of the most important compliance frameworks for businesses. Which one should your business pursue – SOC 2 Type 1 or Type 2?
July 26, 2024
Blog
What are the 7 types of risk to your business?
While no company is risk-free, you can mitigate many kinds of risk with proper understanding and an action plan. Learn how!
July 11, 2024
Blog
What is required for GDPR compliance?
What exactly is required of your organization in order to achieve — and maintain — GDPR compliance? Let’s take a look.
July 03, 2024
Blog
Understanding cybersecurity compliance
What is compliance in cybersecurity? Why is compliance important? Read on to learn cybersecurity basics and how you can achieve compliance, quickly.
July 03, 2024
Blog
How many controls are there in ISO 27701?
Check out our overview of ISO 27701 controls for your answer, including what controls are, how they work, and how they improve your data security posture.
July 15, 2024
Blog
What is a vendor risk assessment questionnaire?
A vendor risk assessment questionnaire helps organizations identify their partners’ potential weaknesses that could result in a breach.
July 19, 2024
Blog
Unlock revenue with HIPAA compliance
Learn how HIPAA compliance can boost your company’s revenue and set you up for future success.
July 03, 2024
Blog
What are the rule exceptions to HIPAA?
HIPAA rule exceptions include state and federal exceptions, operational and occupational exceptions, emergency situation exceptions, and more.
July 15, 2024
Blog
Top 5 things our customers love about Strike Graph
See what our customers have to say about the Strike Graph security compliance platform on G2.
July 03, 2024
Blog
What are the 8 GDPR rights?
The GDPR establishes eight rights for individuals on the internet. Read about these rights and your organization's responsibilities to protect them.
July 03, 2024
Blog
What are the exceptions to CCPA?
Find out if your company or any of the information you handle is exempt from the CCPA.
July 15, 2024
Blog
What is a PCI Qualified Security Assessor?
If your company needs to undergo a PCI DSS audit, it will be performed by a PCI Qualified Security Assessor. Here’s how they’ll assess your compliance.
July 03, 2024
Blog
Unstructured data and its impact on SOC 2 compliance
A SOC 2 report ensures that service providers are securely managing your unstructured data to defend your organization’s security and privacy.
July 03, 2024
Blog
Succeed together — from far apart
The team at Strike Graph is fully remote. This means we succeed together via a culture of collaboration and smart remote work strategies.
July 02, 2024
Blog
Who needs to comply with the CCPA?
To ensure your business is CCPA compliant, you need to know what CCPA is, who needs to comply, and what happens if you don’t.
July 03, 2024
Blog
How much does ISO 27001 certification cost?
Learn about the cost of ISO 27001 certification and maintenance and decide whether the benefits of ISO 27001 outweigh the costs.
July 03, 2024
Blog
ISO 27001 controls
ISO 27001 certification proves you can protect sensitive information. Read on to learn more about ISO 27001 controls and how to implement them.
July 19, 2024
Blog
The HIPAA Privacy Rule: Is your organization a covered entity?
Learn who the HIPAA Privacy Rule applies to, which information it protects, and how your organization can reach compliance.
July 26, 2024
Blog
ISO vs. GDPR compliance requirements
Learn how tackling ISO 27701 and GDPR compliance requirements together can save you time and money.
July 26, 2024
Blog
Security frameworks 101
Wondering which security frameworks might be helpful for your organization? Read on to learn about some of the most common standards and certifications.
July 19, 2024
Blog
Who must comply with PCI DSS?
Wondering if your company is subject to PCI DSS? Read on to learn who must meet PCI DSS requirements and what it takes to reach compliance.
June 28, 2024
Blog
What are the 3 rules of HIPAA?
When it comes to the 3 rules of HIPAA — the Privacy Rule, the Security Rule, and the Breach Notification Rule — what do you need to know?
July 15, 2024
Blog
We achieved SOC 2 Type 2 compliance!
Strike Graph has reached SOC 2 Type 2 compliance! Learn what the experience taught us and how it can benefit you.
July 02, 2024
Blog
What is TPRM or third-party risk management?
TPRM stands for third-party risk management. Learn about the benefits and challenges of implementing TPRM controls for your organization.
July 03, 2024
Blog
What is summary health information?
Learn how HIPAA defines summary health information, the Privacy Rule, PHI, and more — and how they apply to your business.
July 19, 2024
Blog
The difference between SOC 1, SOC 2, and SOC 3
Learn about the difference between SOC 1 and SOC 2 attestations. Read how Strike Graph can speed up your SOC 2 compliance efforts.
July 18, 2024
Blog
What is compliance risk?
Learn about compliance risk and the strategies and frameworks used to manage it.
July 15, 2024
Blog
Get your business ready for the California Privacy Rights Act (CPRA)
On January 1, 2023, the California Privacy Rights Act (CPRA) will take effect. Is your business ready to make the shift?
July 02, 2024
Blog
What are the 4 PCI DSS levels?
The 4 PCI standards—or PCI DSS compliance levels—are an important part of the PCI DSS certification process. Learn what defines PCI DSS Levels 1, 2, 3 & 4.
July 24, 2024
Blog
What are the 7 GDPR principles?
Let's take a look at all 7 principles of GDPR and what they mean for you and your business. Learn more.
July 03, 2024
Blog
What’s the difference between ISO 27001 and 27701?
In this post, we’ll provide a brief rundown of ISO 27001, a summary of the ISO 27701 framework, and the similarities and differences between the two.
July 15, 2024
Blog
The 12 PCI DSS requirements: an in-depth look
Let's go a bit more in-depth and explore the 12 PCI DSS requirements, as well as how they apply to your business.
July 03, 2024
Blog
From cost concern to opportunity maker
Justin Beals, CEO at Strike Graph and David Penn, Research Analyst with Finovate talk about the current compliance landscape and how to find the right partner for your unique business.
July 03, 2024
Blog
Need a quick guide to GDPR? Start here.
Regardless of where you’re located, if your business collects and/or manipulates the personal data of EU residents, then you need to comply with GDPR.
July 03, 2024
Blog
Strike Graph now supports PCI DSS
Strike Graph now supports PCI DSS to help you increase cardholder data controls and secure credit and debit card transactions against fraud and data theft.
July 02, 2024
Blog
What is PCI DSS?
Is your business collecting credit card data? Make sure you know the risks and how to stay PCI DSS compliant. Strike Graph streamlines PCI DSS.
July 24, 2024
Blog
CCPA / CPRA compliance: What you need to know
The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018 and became effective on January 1, 2020. Here's what you need to know.
July 03, 2024
Blog
SOC 2 Report Example
What is a SOC 2 Attestation Report? It’s the pot of gold at the end of the service authorization control (SOC 2) audit journey. These reports—issued by ind
July 24, 2024
Blog
ISO 27701 basics
Learn more about what ISO 27701 is, why it’s important, and how Strike Graph can help your organization achieve certification.
July 03, 2024
Blog
Compliance in the education technology industry
What does compliance mean for education technology? Get the scoop on FERPA (Family Educational Rights and Privacy Act) and why compliance in education matters.
July 03, 2024
Blog
Understanding and accelerating security questionnaires
Learn how security questionnaires are used and how to speed up the sales process.
July 26, 2024
Blog
Auditors and security controls: where to draw the line
CPA auditors aren't the experts of security and governance controls. Listen as Justin Beals & Sam Oberholtzer discuss the taboos of audit culture.
July 03, 2024
Blog
The six stack: 6 software solutions for startup success
Choosing the right software for managing your business can be daunting, especially for the startup. With a bit of guidance, it does not have to be.
July 24, 2024
Blog
Strike Graph compliance made easy
Strike Graph helps simplify security certifications like SOC 2, ISO 27001, ISO 27701, HIPAA, CCPA, and GDPR to achieve trust and move deals.
July 24, 2024
Blog
Cybersecurity Frameworks 101
Understanding IT security frameworks and which one applies to your organization can be confusing. We've broken it down and made it simple for you.
July 24, 2024
Blog
12 vendor management best practices
Read these 12 vendor management best practices to help you increase the value of your vendor relationships.
July 18, 2024
Blog
AICPA guidance and SOC 2 audit practices
Strike Graph CEO Justin Beals discusses the intricacies of SOC 2 Audits and audit practices with experts Sam Oberholtzer and Michelle Strickler.
July 03, 2024
Blog
How our customers achieve success with flexible compliance management
Manager of Customer Success Jordan Bellman reflects on how Strike Graph's flexible platform helps her clients achieve their compliance goals.
July 03, 2024
Blog
The differences between ISO 27002: 2013 and ISO 27002: 2022
ISO 27002 provides guidance on the implementation of controls from ISO 27001 Annex A. On February 15, 2022, ISO 27002: 2013 was updated to 27002: 2022.
July 15, 2024
Blog
Cost of penetration testing
A penetration test can cost anywhere from $4,000-30,000. Learn more about the cost of pen testing and how to reduce it where you can.
July 26, 2024
Blog
Strike Graph now supports ISO 27701
Strike Graph now supports ISO 27701, a standard for privacy information management that helps companies stay ahead of the compliance curve.
July 02, 2024
Blog
Understanding regulation, security, governance, and compliance
Justin Beals joins Sam Oberholtzer to discuss regulation, security, governance, and compliance. Learn what they mean and how they're connected.
July 03, 2024
Blog
Antivirus software: helpful or harmful?
Learn why employing an anti-virus solution might put your security at risk in a discussion with Justin Beals and Sam Oberholtzer.
July 03, 2024
Blog
What is a bridge letter in a SOC 2 report?
A bridge letter is a document made available by vendors to cover a period of time between the reporting period end date of the current SOC report and the release of a new SOC report.
July 15, 2024
Blog
Processes, policies and controls: what's the difference?
Justin Beals joins Sam Oberholtzer to discuss cybersecurity controls, policies, and processes. Learn more about building a valuable cybersecurity posture.
July 03, 2024
Blog
Entrepreneurial itch to enterprise software: how Strike Graph came to be
Justin Beals and Brian Bero share how an entrepreneurial itch and fascination with technology led them to focus their efforts on cybersecurity.
July 02, 2024
Blog
3 easy ways to keep calm and stay focused during audit season
Justin Beals joins ex-auditor Sam Oberholtzer for a conversation about how to reduce compliance burnout, even during a busy audit season.
July 03, 2024
Blog
Why trust assets are essential to growing your business
Trust assets are the most effective way to build trust with customers and help speed along the sales process by proving your security compliance achievements.
July 03, 2024
Blog
HIPAA + SOC 2: Why tackling them in unison makes sense
Strike Graph's flexible platform makes it easier to achieve HIPAA and SOC 2 compliance. Learn how we can help you tackle both simultaneously.
July 26, 2024
Blog
SOC 2 tools for startups that won't break the bank
The Strike Graph list of inexpensive, open-source, and often free versions of products that can be used to support the most basic IT security requirements.
July 03, 2024
Blog
Announcing our Series A!
Strike Graph CEO and co-founder, Justin Beals, shares his excitement on what the Series A means for our team and customers.
July 02, 2024
Blog
How much time does it take to prepare for a SOC 2 audit?
How much time do common SOC 2 preparation tasks take and which departments need to be looped in? Realistic answers from Strike Graph.
July 23, 2024
Blog
SOC 2 test exceptions — what are they and how to address them
Your type 2 SOC 2 audit is underway and appears to be going well. Your auditor finds a ‘test exception’. Did you just 'fail' your audit? Not necessarily.
July 17, 2024
Blog
SOC 2 framework: a path to good operational governance
Does your SOC 2 framework demonstrate solid corporate governance practices across your organization? Here’s why that’s important.
July 18, 2024
Blog
Security questionnaires 101: the basics
Security Reports are a fact of life in the SaaS procurement process. Unlock revenue quickly and efficiently with an AI ML approach.
July 18, 2024
Blog
Deciphering integrations and automation in SaaS IT compliance tools
IT compliance SaaS providers sell integrations and automations. What do these terms really mean, and who benefits from these functionalities?
July 03, 2024
Blog
Skipping a Type 1 on your SOC 2 journey? Think again!
Skipping a type 1 SOC 2 and heading straight into a type 2 is called a running start. It is risky!
June 28, 2024
Blog
How to do a risk assessment
Learn How to Conduct a Risk Assessment with Strike Graph
July 02, 2024
Blog
Interview with a penetration tester
Our resident penetration test expert provides his insights, and tips for how and when to undergo a seamless penetration test in this exclusive interview.
July 03, 2024
Blog
How to select a SOC 2 auditor
Selecting a SOC 2 auditor doesn't have to be fear-inducing. Knowing what to ask an auditor and how to interpret their responses will set you up for success.
June 28, 2024
Blog
Takeaways from Biden’s cybersecurity executive order
President Biden recently signed an executive order on cybersecurity. The directive will influence both public and private sector security practices.
July 03, 2024
Blog
Top 9 cybersecurity measures for remote teams
Working remote is here to stay. Organizations can implement new security controls or beef up existing controls to address this reality.
June 28, 2024
Blog
5 lessons learned from our own SOC 2 journey
Going through a SOC 2 audit doesn't need to suck. We just earned our SOC 2 and here are five lessons to share to make your journey just as successful.
July 03, 2024
Blog
What to know, how to begin, and why to prioritize a SOC 2 audit
We are excited to present auditing expert Nick Norton from Geels Norton and Strike Graph's compliance expert
July 03, 2024
Blog
Ask an auditor and compliance geek
Strike Graph and Geels Norton recorded an Ask an Auditor & Compliance Geek meeting to answer your most important compliance questions and provide feedback.
July 03, 2024
Blog
Pen test FAQs
What is a pen test and what does it entail? What is the difference between a pen test and a vulnerability scan? How does one find a good pen tester?
July 17, 2024
Blog
The secret ingredient for a smooth SOC 2 audit
Any auditor will tell you, the unifying theme of all their smoothest, most seamless audits can be traced back to one thing: readiness. Preparation is key.
July 03, 2024
Blog
Understanding the ROI from SOC 2 (or any certification)
Deepen your understanding of the ROI from a SOC 2 (or any certification)
July 03, 2024
Blog
Our #1 tip for completing security questionnaires
Security questionnaires are a redundant hassle. Our system helps you maximize your time and efforts by leveraging answers from your unique control library.
July 03, 2024
Blog
5 things a founder should know about SOC 2
Join Strike Graph's Brian Bero as we discuss what every founder should know about SOC 2 Compliance
July 24, 2024
Blog
The dangers of a checklist approach to SOC 2 compliance
A checklist approach to SOC 2 compliance is fraught with dangers. We advocate for a risk based approach to right size your compliance efforts.
July 03, 2024
Blog
What are SOC 2 Complementary User Entity Controls (CUEC)?
Learn the difference between Complementary User Entity Controls (CUECs) and Complementary Subservice Organization Controls.
July 11, 2024
Blog
Solved: security questionnaires, RFPs, and revenue hurdles
Deepen your understanding of the ROI from a SOC 2 (or any certification)
July 03, 2024
Blog
The difference between SOC 2 and ISO 27001
The pros and cons of a SOC 2 audit or ISO 27001 certification explained. First consider the scope and maturity of your organization's security program.
July 11, 2024
Blog
How much does a SOC2 certification and audit cost?
The cost of SOC 2 audit and certification is dependent on a number of factors. These include company size, current capabilities, and more. Learn the total cost of SOC 2 certification.
June 28, 2024
Blog
EdTech and cybersecurity: what leaders need to understand
What leaders need to understand about EdTech and cybersecurity
July 03, 2024
Blog
SOC 2 System Description series: how to describe your System Boundaries
Defining your System Boundaries within the System Description can be a nerve-wracking endeavor. With a bit of guidance it does not have to be.
July 16, 2024
Blog
How SOC 2 auditors test
SOC 2 audits can be nerve wracking events. If you know the basics of how auditors approach testing, you will be prepared and have a bit of an advantage.
July 15, 2024
Blog
Are you ready for your SOC 2 audit?
There are a few steps you can take to determine whether you are ready to kick off your SOC 2. Control mapping and control coverage are where to start.
July 03, 2024
Blog
You got your SOC 2! Now what?
You have your SOC 2 report in hand, your customers are happy, now what happens? Detailed tips on how to brag about it and how to not let it go stale.
July 16, 2024
Blog
SOC 2 controls and a remote workforce in 2021
Assessing risks and threats to your network during the pandemic will help you identify the appropriate controls to integrate into your security program.
June 28, 2024
Blog
How long does it take to get a SOC 2 Type 1? And how long does it last?
Your customer is requiring you to get a SOC 2. Depending on the urgency, you have a few options, from a methodical approach to a 'running' start. Learn more.
July 15, 2024
Blog
SOC 2 Trust Services Criteria: how to choose
Learn about the five SOC 2 Trust Services Criteria and tips to determine which ones will be right for your organization to include in your SOC 2 report.
July 16, 2024
Blog
What is a control?
What the heck is a control? This post provides examples and guidance on how to create a solid, audit ready control.
July 17, 2024
Blog
5 things founders should know about SOC 2
We share a list of what we wish we knew, as Founders of startups, before starting on our SOC 2 Journey - and it is not writing policies.
June 28, 2024
Blog
How to use your cybersecurity program to drive sales
How to harness your pre-audit security program to earn customer trust and drive the next sale. Learn more about how Strike Graph can help.
July 03, 2024
Blog
SOC 2 System Description series: adding additional TSCs
Step-by-step advice for weaving Privacy and the other TSCs into a System Description.
July 03, 2024
Blog
SOC 2 service commitments and system requirements
While you can certainly find templates for the principal service commitments and system requirements section online, it is important that you understand what you are being asked to describe so that you can tailor this section to your organization.
July 19, 2024
Blog
SOC 2 System Description series: creating trust in company leadership
The SOC 2 System Description can be used to create trust in company leadership via the COSO or operational controls.
July 03, 2024
Blog
Crawl, walk, run: we understand the SOC 2 journey because we've been there
The journey to SOC 2 certification starts with simple steps. Support from the beginning to certification starts early.
July 03, 2024
Blog
Announcing Strike Graph v1.1: System Description and enhanced SOC 2 dashboard
Strike Graph is excited to announce the release of v1.1 of https://grc.strikegraph.com. This release contains a major new feature, the System Description, and also includes major enhancements to the SOC2 Readiness Dashboard.
July 02, 2024
Blog
Security theater: not another policy!
One of the best examples of “security theater” is the unnecessary policy.
July 03, 2024
Blog
Strike Graph launches with $3.9 million in funding to automate security audits
Security-as-a-Service Startup Simplifies Security Compliance Audits to Achieve Trust and Improve Revenue.
July 24, 2024
Podcast
Creating the dark web: How the TOR browser was invented
A Secure Talk podcast episode: Creating the dark web: How the TOR browser was invented with Ben Collier
July 27, 2024
Keep up to date with Strike Graph.
The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.