Sign In
Request a demo

Cybersecurity insights from leaders with experience

Starting your cybersecurity journey can feel daunting - but we’re here to help. Check out these insights from our expert staff.

Michelle Strickler

Michelle Strickler
Michelle is a passionate advocate for a risk-based approach to IT compliance, as well as for an increased role of effective IT governance. Before joining Strike Graph, she coached companies, from startups to public enterprises, through their compliance initiatives. In a past life, she was an IT Auditor, but don't hold that against her.

Useful Tools and Products for Startups that Won't Break the Bank

SOC 2
September 15, 2021
We are often asked for recommendations for cost-effective, bare minimum products and tools to help with SOC 2 compliance. Cost can be a driver or a...
Read on

How much time does it take to prepare for a SOC 2 audit?

SOC 2
August 10, 2021
The length of time required to prepare for your SOC 2 audit is really determined by two factors: the maturity of the processes in your organization,...
Read on

SOC 2 test exceptions - What are they and how to address them

SOC 2
August 5, 2021
Co-author: Steve Seideman, Principle Security Consultant at Prescient Assurance Your type 2 SOC 2 audit is underway and appears to be going well....
Read on

Why SOC 2 is also an operational governance framework

SOC 2
August 3, 2021
Unlike some frameworks that have a narrower focus, SOC 2 requires you to demonstrate solid corporate governance practices across the organization....
Read on

Security Questionnaires 101: The Basics

SOC 2
July 28, 2021
Let’s talk about the dreaded security questionnaire - also known as a vendor assessment, third-party vendor assessment/questionnaire, or cloud...
Read on

Deciphering integrations and automation in SaaS IT compliance tools

SOC 2
July 14, 2021
Your organization is unique. Different organizations are at different stages of IT security maturity, and a one size fits all ‘integration’ may not...
Read on

Skipping a Type 1 on your SOC 2 journey? Think again!

SOC 2
June 9, 2021
The following appeared as an article on Security Boulevard We’re often asked by our customers who are embarking on the SOC 2 journey: Can we skip...
Read on

How to select a SOC 2 auditor

SOC 2
May 25, 2021
(The following originally appeared as an article in Security Boulevard) Choosing a SOC 2 auditor can seem like a panic-inducing process. How do you...
Read on

Takeaways from Biden’s Cybersecurity Executive Order

NEWS
May 20, 2021
A review of lessons learned is a key component of any good incident response plan. After the SolarWinds attack, the US Government considered their...
Read on

Top 9 Cybersecurity Measures for Remote Teams

SOC 2
May 18, 2021
(The following is an excerpt from recently published piece on Salestechstar.com).   Many organizations had to quickly adapt to a work from home model...
Read on

Five Lessons Learned from Our Own SOC 2 Journey

NEWS SOC 2
May 10, 2021
There is a saying that the cobbler's kids have no shoes. Not in our case! We ate our own dog food and tackled a SOC 2 Type 1 using our Strike Graph...
Read on

Pen Test FAQs

SOC 2
April 20, 2021
Penetration testing (also known as  “pen testing” or “ethical hacking”) is an authorized, simulated attack on a company’s computer system, network,...
Read on

The Secret Ingredient for a Smooth Audit

SOC 2
April 15, 2021
Readiness. You will encounter this word often as you start to research SOC 2. It is typical for auditors to include a readiness phase as part of...
Read on

Our #1 Tip for Completing Security Questionnaires

SOC 2
April 8, 2021
Are you searching for an efficient way to complete security questionnaires so that you can move along quickly and make that sale? Wouldn't it be nice...
Read on

The Dangers of a Checklist Approach to SOC 2 Compliance

SOC 2
April 1, 2021
When our customers are eager to begin their SOC 2 preparations, they always ask us which policies they should draft first? We don't have them start...
Read on

What are Complementary User Entity Controls (CUEC)?

SOC 2
March 26, 2021
Complementary User Entity Controls, or CUECs, are the controls that you, as a SaaS (or other services) company want your customer to have in place in...
Read on

The Difference Between SOC 2 and ISO 27001

SOC 2
March 24, 2021
Are you deciding between a SOC 2 audit or an ISO 27001 certification? The Easy Answer: Go with the one your customer is asking for! But what if...
Read on

How Much Does a SOC 2 Audit Cost?

SOC 2
March 1, 2021
There is some truth to the adage, “You get what you pay for.” How many times have you saved a few bucks by going for the cheaper option only to have...
Read on

System Description Series: How to Describe Your System Boundaries

SOC 2
February 11, 2021
For many organizations, creating the System Boundaries section of the System Description can feel like a painful slog. You’ve worked so hard to...
Read on

How SOC 2 Auditors Test

SOC 2
February 5, 2021
You are ready for the SOC 2. You have chosen an auditor and you are confident that your controls are working. Now what? Getting audited can be a...
Read on

Are You Ready for Your SOC 2 Audit?

SOC 2
February 4, 2021
No one wants to go into a SOC 2 audit blind or unprepared. So how do you know when you’re ready? Whether you tackle your SOC 2 preparation solo, or...
Read on

Got Your SOC 2 - Now What?

SOC 2
January 26, 2021
You just got your final SOC 2 report back from the Auditor. You sent the report off to the customer that wanted it and a Big Deal has just been...
Read on

SOC 2 Controls and a Remote Workforce in 2021

SOC 2
January 20, 2021
We are often asked for guidance on the controls that auditors will look for in this new remote reality. A web search for “work-from-home best...
Read on

How Long Does it Take to Get a SOC 2 Type 1? | How Long Does it Last?

SOC 2
January 14, 2021
A big sale is on the line. Your customer requires that you achieve a SOC 2 Type 2 certification before they will sign the contract for your service....
Read on

SOC 2 Trust Services Criteria: How to Choose in 2021

SOC 2
January 6, 2021
For organizations beginning their SOC 2 journey, figuring out which of the five Trust Services Criteria (TSC) to include in their scope can seem like...
Read on

What (the bleep) is a Control?

SOC 2
December 30, 2020
A lot of lingo gets tossed around in the compliance world: Criteria, Standard, Point of Focus, Narrative, Control Owner, Test of Operating...
Read on

5 Things Founders Should Know About a SOC 2 (2021)

SOC 2
December 21, 2020
If you are like us, you wish you had a SOC 2 Fairy Godmother to guide you through the convoluted SOC 2 compliance process. We have something better:...
Read on

How to use Your Pre-Audit Cyber Security Program to Drive Sales

SOC 2
December 17, 2020
There is a stretch of time in your organization’s SOC 2 journey where security practices are being established or refined. Sometimes they are being...
Read on

System Description Series: Adding Additional TSCs

SOC 2
December 14, 2020
Weaving Privacy into Your System Description We are often asked how to best weave the Privacy, Confidentiality, Availability and Processing Integrity...
Read on

Service Commitments and System Requirements

SOC 2
December 10, 2020
What are ‘principle service commitments and system requirements’? Embedded deep in the depths of the System Description is a small, but critical...
Read on

System Description Series: Creating Trust in Company Leadership

SOC 2
December 7, 2020
One important and often overlooked use of the System Description (sometimes called a Section 3) is to demonstrate to your existing and potential...
Read on

Crawl, Walk, Run: We understand the SOC 2 journey because we have been there

SOC 2
December 2, 2020
At Strike Graph we know the challenges faced by smaller companies and startups when they embark on their SOC 2 journey. We experienced the sticker...
Read on

Learn how you can leverage Strike Graph for your cybersecurity needs

Strike Graph helps companies build a simple, reliable and effective compliance program so that they can get their security certifications quickly, built trust with customers, and focus attention on revenue and sales.

Popular Insights
SOC_NonCPA

@ 2021 Strike Graph, Inc. All Rights Reserved • Privacy Policy