Strike Graph security compliance blog

Strike Graph’s control library makes mitigating risk a breeze

Written by Justin Beals, Founder & CEO | Dec 4, 2023 8:00:00 AM

Once you’ve identified your company’s security risks, the idea of having to mitigate each individual one can feel daunting. Strike Graph has a simplifying solution — our pre-populated control library. 

In this post, we’ll take a look at what the Strike Graph control library can do for your business, what makes our controls so powerful, and what other automation tools you can leverage on our platform to make getting from the compliance starting line to the finish line that much easier.

Let’s begin!

 

When you first enter the Strike Graph control library, you'll find a list of hundreds of pre-populated controls. These are sourced either from our Strike Graph suggested controls, or from previous compliance work your organization has completed. These controls serve as the baseline for your compliance preparation — and you can find them with just a few clicks.

That’s because we make navigating your control library simple with our filters and search tool. This allows you to find the controls you're looking for quickly. Here’s how that works:

You can search for a control directly by:

  • Keyword
  • The name of the control
  • Status (all, active, inactive, or needs attention)
  • Owner (you, a teammate, or unassigned)
  • Progress (all, none, not in place, partially in place, in place, or archived)
  • Frequency (all, as needed, daily, weekly, monthly, quarterly, annually, or continuous)
  • Suggested controls for specific frameworks (all, ISO 27001, HIPAA, ISO 27701, SOC 2, PCI DSS, GDPR, etc.)

Now that you know how to find all of these controls, let’s take a closer look at some of their features, as well as how they can make your compliance prep a breeze:

Pre-mapped

These controls are pre-mapped to all of the frameworks that you have turned on in the Strike Graph platform. This means that you can easily satisfy multiple standards with one control, saving you and your team a ton of time — not to mention other resources.

Customizable

Controls are customizable so you can tailor them to your unique organization and business situation. To do that, you'll click into each control individually, find the edit button at the top, and then review each section of information, including the control name, description, owner, frequency, and progress.

You’ll want to accurately demonstrate how your organization implements each control. For example, this may mean changing the templatized description — which is meant to be customized — by adding a phrase, removing a word, or adjusting the wording overall. Do whatever makes sense to show your organization has that control covered.

Owned

Assigning an owner for each control provides your team with insight on who is responsible for what, and spreads the work — and responsibility — around your organization, so no one person feels all of the weight is falling on their shoulders.

The owner you assign will be responsible not only for that specific control, but also for the process and for collecting the related evidence items. By clicking on the dropdown menu within the control, you'll be able to find any team member who has a Strike Graph account. If the team member you’re looking for isn’t there, this is a great opportunity to invite them into the platform and think about who else should be involved in your compliance prep.

Audit-proven

Controls are audit-proven so you can feel confident you'll achieve certification on the first try. How does this work? Here at Strike Graph, we have years of experience prepping our clients for audits, and know which controls are typically accepted — and which aren’t.

Automated

Evidence is essential for proving your controls are effectively mitigating your risks. But collecting it can be tedious and time-consuming. That’s why Strike Graph does it for you. Our automated evidence collection works through low-code integrations that are simple and secure.

The control library is just one of many powerful security compliance tools Strike Graph places at your fingertips. We’re continuously developing AI-driven tools that make sure your security program is streamlined and painless — like our AI security assistant and teams feature.