
Cybersecurity insights from leaders with experience

Starting your cybersecurity journey can feel daunting - but we’re here to help. Check out these insights from our expert staff.

SOC 2

Five Lessons Learned from Our Own SOC 2 Journey

NEWS SOC 2
There is a saying that the cobbler's kids have no shoes. Not in our case! We ate our own dog food and tackled a SOC 2 Type 1 using our Strike Graph...

Pen Test FAQs

SOC 2
Penetration testing (also known as “pen testing” or “ethical hacking”) is an authorized, simulated attack on a company’s computer system, network,...

The Secret Ingredient for a Smooth Audit

SOC 2
Readiness. You will encounter this word often as you start to research SOC 2. It is typical for auditors to include a readiness phase as part of...

Our #1 Tip for Completing Security Questionnaires

SOC 2
Are you searching for an efficient way to complete security questionnaires so that you can move along quickly and make that sale? Wouldn't it be nice...

The Dangers of a Checklist Approach to Compliance

SOC 2
When our customers are eager to begin their SOC 2 preparations, they always ask us which policies they should draft first. We don't have them start...

What are Complementary User Entity Controls?

SOC 2
Complementary User Entity Controls, or CUECs, are the controls that you, as a SaaS (or other services) company want your customer to have in place in...

The Difference Between SOC 2 and ISO 27001

SOC 2
Are you deciding between a SOC 2 audit or an ISO 27001 certification? The Easy Answer: Go with the one your customer is asking for! But what if...

How Much Does a SOC 2 Audit Cost?

SOC 2
There is some truth to the adage, “You get what you pay for.” How many times have you saved a few bucks by going for the cheaper option only to have...

System Description Series: How to Describe Your System Boundaries

SOC 2
For many organizations, creating the System Boundaries section of the System Description can feel like a painful slog. You’ve worked so hard to...

How SOC 2 Auditors Test

SOC 2
You are ready for the SOC 2. You have chosen an auditor and you are confident that your controls are working. Now what? Getting audited can be a...

Are You Ready for Your SOC 2 Audit?

SOC 2
No one wants to go into a SOC 2 audit blind or unprepared. So how do you know when you’re ready? Whether you tackle your SOC 2 preparation solo, or...

Got Your SOC 2 - Now What?

SOC 2
You just got your final SOC 2 report back from the Auditor. You sent the report off to the customer that wanted it and a Big Deal has just been...

SOC 2 Controls and a Remote Workforce in 2021

SOC 2
We are often asked for guidance on the controls that auditors will look for in this new remote reality. A web search for “work-from-home best...

How Long Does it Take to Get a SOC 2? (2021)

SOC 2
A big sale is on the line. Your customer requires that you achieve a SOC 2 Type 2 certification before they will sign the contract for your service....

Choosing the Right Trust Services Criteria for Your SOC 2 in 2021

SOC 2
For organizations beginning their SOC 2 journey, figuring out which of the five Trust Services Criteria (TSC) to include in their scope can seem like...

What (the bleep) is a Control?

SOC 2
A lot of lingo gets tossed around in the compliance world: Criteria, Standard, Point of Focus, Narrative, Control Owner, Test of Operating...

5 Things Founders Should Know About a SOC 2 (2021)

SOC 2
If you are like us, you wish you had a SOC 2 Fairy Godmother to guide you through the convoluted SOC 2 compliance process. We have something better:...

How to use Your Pre-Audit Cyber Security Program to Drive Sales

SOC 2
There is a stretch of time in your organization’s SOC 2 journey where security practices are being established or refined. Sometimes they are being...

System Description Series: Adding Additional TSCs

SOC 2
Weaving Privacy into Your System Description: We are often asked how to best weave the Privacy, Confidentiality, Availability and Processing Integrity...

System Description Series: Service Commitments and System Requirements

SOC 2
What are ‘principal service commitments and system requirements’? Embedded deep in the depths of the System Description is a small, but critical...

System Description Series: Creating Trust in Company Leadership

SOC 2
One important and often overlooked use of the System Description (sometimes called a Section 3) is to demonstrate to your existing and potential...

Crawl, Walk, Run: We understand the SOC 2 journey because we have been there

SOC 2
At Strike Graph we know the challenges faced by smaller companies and startups when they embark on their SOC 2 journey. We experienced the sticker...

Security Theater: Not another policy!

SOC 2
It’s such a common theme. You need to establish a cyber security program so that you can get your SOC 2 certification and the first thing that an...

Valid8 Financial earns their SOC 2 with Strike Graph

NEWS SOC 2
Chris McCall, the CEO of Valid8 Financial, was pushing hard to get his SaaS platform adopted by a Fortune 100 customer. Valid8 is an innovative...
