Strike Graph is excited to announce the release of v1.1 of https://grc.strikegraph.com. This release contains a new major feature: the System Description and it also includes major enhancements to the SOC2 Readiness Dashboard. At Strike Graph, we like to make complex standards simple, so we are thrilled to bring these new and enhanced features to the platform.
Demystifying the System Description
At Strike Graph we hear this concern a lot from our customers: “How do I write a System Description? We are all technology folks not writers! Help!” We took this to heart and are very excited to announce the release of our System Description feature. This new feature allows our customers to manage a SOC2 compliant system description using an audit ready table of contents, clear guidance, and real-world example content to reduce some of the pain and mystery from creating this critical element of the SOC2 report.
A system description, also referred to as a Section 3, describes not only the nuts and bolts of the services provided by the organization, but also describes the security practices (and for some companies, also privacy, conﬁdentiality, processing integrity, and availability) in an audit compliant format. This snapshot into the maturity of the organization’s security posture is key to earning the trust of current and potential customers. While a system description is used to communicate to customers (and to auditors!) the scope of the SOC2, it often includes a combination of both marketing and more detailed descriptions of relevant processes and controls. Creating this document is no easy feat!
Our System Description feature empowers teams to collaboratively author and manage this critical document. By utilizing this feature, all of our customers will not only be one step ahead when it comes time to negotiate fees with an auditor by having a clearly deﬁned scope, but customers can also publish a PDF copy of a preliminary system description to share with their potential customers.
“Are we ready for the audit?”
Nothing is worse than the mad scramble when you realize your organization is missing key bits of evidence or does not have the right control coverage, just after an audit has kicked off! We have you covered with our enhanced SOC2 Readiness Dashboard.
Outlined icons show an evidence gap.
Our SOC2 Readiness Dashboard helps you feel conﬁdent that you are prepared for your audit.