Sign In
Request a Demo

Cybersecurity insights from leaders with experience

Starting your cybersecurity journey can feel daunting - but we’re here to help. Check out these insights from our expert staff.

Blogs

Why Trust Assets Are Essential to Growing Your Business

SOC 2
November 17, 2021
B2B companies are confronted by a new challenge in accelerating their customer acquisition. The challenge is often described as needing to complete a...
Read on
what-is-a-trust-asset

HIPAA + SOC 2: Why Tackling Them in Unison Makes Sense

HIPAA and SOC 2 compliance are essential milestones for any business that deals with the storage or transmission of consumers' data and health...
Read on
hipaa + soc 2 in unison

Useful Tools and Products for Startups that Won't Break the Bank

SOC 2
September 15, 2021
We are often asked for recommendations for cost-effective, bare minimum products and tools to help with SOC 2 compliance. Cost can be a driver or a...
Read on
hand holding a brain to share SOC2 tools

Announcing Our Series A!

NEWS
September 14, 2021
I co-founded Strike Graph with Brian Bero in the Spring of 2020. We saw the need for a simpler, customer-centric security compliance solution that...
Read on
Strike Graph Leadership Team

How much time does it take to prepare for a SOC 2 audit?

SOC 2
August 10, 2021
The length of time required to prepare for your SOC 2 audit is really determined by two factors: the maturity of the processes in your organization,...
Read on
business woman in Hijab

SOC 2 test exceptions - What are they and how to address them

SOC 2
August 5, 2021
Co-author: Steve Seideman, Principle Security Consultant at Prescient Assurance Your type 2 SOC 2 audit is underway and appears to be going well....
Read on
Confused woman with hands up

Why SOC 2 is also an operational governance framework

SOC 2
August 3, 2021
Unlike some frameworks that have a narrower focus, SOC 2 requires you to demonstrate solid corporate governance practices across the organization....
Read on
two people fist bumping

Security Questionnaires 101: The Basics

SOC 2
July 28, 2021
Let’s talk about the dreaded security questionnaire - also known as a vendor assessment, third-party vendor assessment/questionnaire, or cloud...
Read on
woman karate chopping a stone padlock

Deciphering integrations and automation in SaaS IT compliance tools

SOC 2
July 14, 2021
Your organization is unique. Different organizations are at different stages of IT security maturity, and a one size fits all ‘integration’ may not...
Read on
hands at keyboard with cogs overlay

Skipping a Type 1 on your SOC 2 journey? Think again!

SOC 2
June 9, 2021
The following appeared as an article on Security Boulevard We’re often asked by our customers who are embarking on the SOC 2 journey: Can we skip...
Read on
man looking at two dashed lines

Interview with a Penetration Tester

SOC 2
May 27, 2021
We are often asked for advice on how best to prepare for a penetration test. I sat down with Adrian (we’ve disguised his real name to protect his...
Read on
person in hoodie with text of penetration test overlaid

How to select a SOC 2 auditor

SOC 2
May 25, 2021
(The following originally appeared as an article in Security Boulevard) Choosing a SOC 2 auditor can seem like a panic-inducing process. How do you...
Read on
Crystal ball and hands

Takeaways from Biden’s Cybersecurity Executive Order

NEWS
May 20, 2021
A review of lessons learned is a key component of any good incident response plan. After the SolarWinds attack, the US Government considered their...
Read on
incident response icons

Top 9 Cybersecurity Measures for Remote Teams

SOC 2
May 18, 2021
(The following is an excerpt from recently published piece on Salestechstar.com).   Many organizations had to quickly adapt to a work from home model...
Read on
Cat on Keyboard

Five Lessons Learned from Our Own SOC 2 Journey

NEWS SOC 2
May 10, 2021
There is a saying that the cobbler's kids have no shoes. Not in our case! We ate our own dog food and tackled a SOC 2 Type 1 using our Strike Graph...
Read on
man at laptop at peace

Pen Test FAQs

SOC 2
April 20, 2021
Penetration testing (also known as  “pen testing” or “ethical hacking”) is an authorized, simulated attack on a company’s computer system, network,...
Read on
ones and zeros penetration testing

The Secret Ingredient for a Smooth Audit

SOC 2
April 15, 2021
Readiness. You will encounter this word often as you start to research SOC 2. It is typical for auditors to include a readiness phase as part of...
Read on
Secret for a Smooth Audit

Our #1 Tip for Completing Security Questionnaires

SOC 2
April 8, 2021
Are you searching for an efficient way to complete security questionnaires so that you can move along quickly and make that sale? Wouldn't it be nice...
Read on
Man in a sea of question marks

The Dangers of a Checklist Approach to SOC 2 Compliance

SOC 2
April 1, 2021
When our customers are eager to begin their SOC 2 preparations, they always ask us which policies they should draft first? We don't have them start...
Read on
Business man in a swarm of policies

What are Complementary User Entity Controls (CUEC)?

SOC 2
March 26, 2021
Complementary User Entity Controls, or CUECs, are the controls that you, as a SaaS (or other services) company want your customer to have in place in...
Read on
Woman thinking about audit lingo with curvy thought arrows

The Difference Between SOC 2 and ISO 27001

SOC 2
March 24, 2021
Are you deciding between a SOC 2 audit or an ISO 27001 certification? The Easy Answer: Go with the one your customer is asking for! But what if...
Read on
Man at a crossroads choosing between a SOC 2 and ISO 27001

How Much Does a SOC 2 Audit Cost?

SOC 2
March 1, 2021
There is some truth to the adage, “You get what you pay for.” How many times have you saved a few bucks by going for the cheaper option only to have...
Read on
value vs cost scale

System Description Series: How to Describe Your System Boundaries

SOC 2
February 11, 2021
For many organizations, creating the System Boundaries section of the System Description can feel like a painful slog. You’ve worked so hard to...
Read on
woman reading a report

How SOC 2 Auditors Test

SOC 2
February 5, 2021
You are ready for the SOC 2. You have chosen an auditor and you are confident that your controls are working. Now what? Getting audited can be a...
Read on
Audit hovering over an open hand

Are You Ready for Your SOC 2 Audit?

SOC 2
February 4, 2021
No one wants to go into a SOC 2 audit blind or unprepared. So how do you know when you’re ready? Whether you tackle your SOC 2 preparation solo, or...
Read on
Ready for a SOC 2 Audit

Got Your SOC 2 - Now What?

SOC 2
January 26, 2021
You just got your final SOC 2 report back from the Auditor. You sent the report off to the customer that wanted it and a Big Deal has just been...
Read on
Got your SOC 2 Now What

SOC 2 Controls and a Remote Workforce in 2021

SOC 2
January 20, 2021
We are often asked for guidance on the controls that auditors will look for in this new remote reality. A web search for “work-from-home best...
Read on
SOC 2 Controls and a Remote Workforce in 2021

How Long Does it Take to Get a SOC 2 Type 1? | How Long Does it Last?

SOC 2
January 14, 2021
A big sale is on the line. Your customer requires that you achieve a SOC 2 Type 2 certification before they will sign the contract for your service....
Read on
SOC 2 Type 1 Finish Line

SOC 2 Trust Services Criteria: How to Choose in 2021

SOC 2
January 6, 2021
For organizations beginning their SOC 2 journey, figuring out which of the five Trust Services Criteria (TSC) to include in their scope can seem like...
Read on
man looking at closed doors

What (the bleep) is a Control?

SOC 2
December 30, 2020
A lot of lingo gets tossed around in the compliance world: Criteria, Standard, Point of Focus, Narrative, Control Owner, Test of Operating...
Read on
What is a Control?

5 Things Founders Should Know About a SOC 2 (2021)

SOC 2
December 21, 2020
If you are like us, you wish you had a SOC 2 Fairy Godmother to guide you through the convoluted SOC 2 compliance process. We have something better:...
Read on
Soc 2 Questions

How to use Your Cybersecurity Program to Drive Sales

SOC 2
December 17, 2020
There is a stretch of time in your organization’s SOC 2 journey where security practices are being established or refined. Sometimes they are being...
Read on
Pre-audit cuber security program drives sales

System Description Series: Adding Additional TSCs

SOC 2
December 14, 2020
Weaving Privacy into Your System Description We are often asked how to best weave the Privacy, Confidentiality, Availability and Processing Integrity...
Read on
Editing a report

Service Commitments and System Requirements

SOC 2
December 10, 2020
What are ‘principle service commitments and system requirements’? Embedded deep in the depths of the System Description is a small, but critical...
Read on

System Description Series: Creating Trust in Company Leadership

SOC 2
December 7, 2020
One important and often overlooked use of the System Description (sometimes called a Section 3) is to demonstrate to your existing and potential...
Read on
Creating trust in company leadership

Crawl, Walk, Run: We understand the SOC 2 journey because we have been there

SOC 2
December 2, 2020
At Strike Graph we know the challenges faced by smaller companies and startups when they embark on their SOC 2 journey. We experienced the sticker...
Read on
SOC Compliance Whiteboard

Announcing Strike Graph v1.1: System Description & Enhanced SOC 2 Dashboard 2

NEWS
November 28, 2020
Strike Graph is excited to announce the release of v1.1 of https://grc.strikegraph.com. This release contains a new major feature: the System...
Read on
Enhanced SOC 2 Dashboard 2

Security Theater:  Not another policy!

SOC 2
November 3, 2020
It’s such a common theme. You need to establish a cyber security program so that you can get your SOC 2 certification and the first thing that an...
Read on
Security Theater

Strike Graph Launches With $3.9 Million in Funding to Automate Security Audits

NEWS
October 5, 2020
SEATTLE--(BUSINESS WIRE)--Strike Graph, a compliance automation startup, today announces its launch and seed funding of $3.9 million, led by Madrona...
Read on
Strike Graph Founders

Don't fail your SOC 2 with a "just do it" attitude

We’ve all heard “Just Do It”. Since 1988 it’s been a mantra for a certain shoe company and five years ago became a meme for motivation, thanks Shia...
Read on
Don't Fail SOC 2

Is your edtech meeting security standards?

By:  Josh Jarrett The current global pandemic has thrust the education industry into 100% online learning. Institutions and educators are...
Read on
is your edtech meeting security standards

Valid8 Financial earns their SOC 2 with Strike Graph

NEWS SOC 2
April 30, 2020
Chris McCall the CEO of Valid8 Financial was pushing hard to get his SaaS platform adopted by a Fortune 100 customer. Valid8 is an innovative...
Read on
Valid8 earns SOC 2

Welcome to Strike Graph

NEWS
April 7, 2020
While CTO at a prior startup we had developed an amazing new AI product. Our product was an exciting innovation in the ability for companies to...
Read on
Welcome to Strike Graph

Learn how you can leverage Strike Graph for your cybersecurity needs

Strike Graph helps companies build a simple, reliable and effective compliance program so that they can get their security certifications quickly, built trust with customers, and focus attention on revenue and sales.

Popular Insights
SOC_NonCPA

@ 2021 Strike Graph, Inc. All Rights Reserved • Privacy Policy