Everything you need to know about security compliance

Whether you're new to cybersecurity or expanding an already robust security stance, we have resources to support your learning.

Recommended:
January 30, 2024
New Strike Graph framework | CIS builds trust without an audit
January 16, 2024
Strike Graph and Judy Security partner to bring the best of security compliance and cybersecurity tech

Search

Search
Clear All

Filters

Apply Cancel
Result for
No result was found.
Guides

TrustOps implementation: an in-depth guide

Ready to take a deep dive into TrustOps? This guide gets into the nitty gritty details of how to design, operate, and measure a robust TrustOps program.
January 23, 2024
Security compliance TrustOps Security compliance TrustOps
Guide

The essential TrustOps guide for 2024

If you’re waiting for the right time to tackle TrustOps, this is it. With a little planning now you can be miles ahead of the competition in the coming year, closing bigger deals faster, attracting more customers, and building brand loyalty.
December 12, 2023
Security compliance TrustOps Security compliance TrustOps
Guide

Which security frameworks does my company need?

With so many compliance rules out there, it can feel like framework alphabet soup. In this guide, we go industry by industry so you know exactly what you need.
October 02, 2023
Security compliance TrustOps Designing security programs Security compliance TrustOps Designing security programs
Guide

Will automation boost or break your security program?

AI and automation are great! But using them unwisely can undercut your security program. In this guide, we explore how to take a smart and effective approach.
October 02, 2023
Security compliance Designing security programs AI and automation Security compliance Designing security programs AI and automation
Guides

What is governance, risk, and compliance?

Learn about GRC – governance, risk, and compliance – and how this business-wide strategy compares with TrustOps.
May 25, 2023
Security compliance TrustOps Security compliance TrustOps
Guide

What cannot be shared under HIPAA?

HIPAA doesn’t need to be complicated. Explore our quick overview of what cannot be shared under HIPAA and take the first step toward compliance.
November 03, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
SOCE 2 Report
Guide

Looking for a SOC 2 report example? Here you go!

This SOC 2 report example contains commonly reviewed SOC 2 security controls and keys systems, so you can better understand what to expect.
September 30, 2022
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Edtech Security
Guides

Is your EdTech security robust enough?

Learn about the security risks EdTech companies face, and how your company can build resilience against threats through cybersecurity compliance.
September 16, 2022
SOC 2 HIPAA ISO 27001 Security compliance Designing security programs SOC 2 HIPAA ISO 27001 Security compliance Designing security programs
CCPA Vs GDPR
Guide

CCPA vs. GDPR

Don’t know if your organization needs to be CCPA or GDPR compliant? Start here.
September 02, 2022
CPRA GDPR Security compliance Designing security programs CPRA GDPR Security compliance Designing security programs
iso 27000 series
Guide

What is the ISO 27000 series?

Learn everything you need to know about improving your organization’s information security with the ISO 27000 series standards
August 25, 2022
ISO 27701 ISO 27002 ISO 27701 Security compliance Designing security programs ISO 27701 ISO 27002 Security compliance Designing security programs
Guide

5 things startups need to know about HIPAA compliance

New to the health tech space and unsure about HIPAA? Strike Graph's guide helps clarify the confusion and put you on the right track to compliance.
July 25, 2022
HIPAA Security compliance Measuring/certifying security programs Designing security programs HIPAA Security compliance Measuring/certifying security programs Designing security programs
Guide

5 things a founder should know about SOC 2

Unsure where to start on your SOC 2 compliance journey? We're here to help guide you each step of the way.
July 21, 2022
SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Case Study

ORM Technologies: SOC 2 30% faster

Learn how ORM Technologies achieved SOC 2 30% faster with Strike Graph.
February 14, 2024
SOC 2 Security compliance Measuring/certifying security programs Boosting revenue SOC 2 Security compliance Measuring/certifying security programs Boosting revenue
Case Study

Visible: Shifting SOC 2 from resource obstacle to marketing asset

Discover how Visible reduced its sales cycle time by 30% using Strike Graph’s compliance and certification platform.
October 18, 2023
SOC 2 Security compliance Boosting revenue SOC 2 Security compliance Boosting revenue
Case Study

DocuPhase: 50% less work with multi-framework mapping

Learn how DocuPhase shifted from a reactive to proactive security approach and cut their HIPAA work in half with Strike Graph.
October 16, 2023
SOC 2 HIPAA Security compliance Designing security programs SOC 2 HIPAA Security compliance Designing security programs
Case Study

Catalyst Solutions: From bogged down to boosting sales

Learn how Catalyst Solutions used the Strike Graph compliance and certification platform to overcome significant compliance gaps and reach SOC 2 compliance with fast.
September 27, 2023
SOC 2 Security compliance Boosting revenue SOC 2 Security compliance Boosting revenue
Case Study

Achieving compliance with HIPAA and SOC 2

Learn how GoReact — an award-winning, cloud-based video platform — obtained SOC 2 and HIPAA compliance in a matter of just weeks thanks to Strike Graph.
April 14, 2023
SOC 2 HIPAA Security compliance Measuring/certifying security programs SOC 2 HIPAA Security compliance Measuring/certifying security programs
Case Study

How BioAgilytix got ISO 27001 certified 2x faster

How BioAgilytix Got ISO 27001 Certified 2x Faster. BioAgilytix, a seasoned team of highly experienced scientific and QA professionals, knew that despite their success in delivering best-in-class science, ISO 27001 was outside their scope of expertise. So they came to Strike Graph for help.
August 17, 2022
ISO 27001 Security compliance Measuring/certifying security programs ISO 27001 Security compliance Measuring/certifying security programs
Case Study

How Strike Graph helped BugSplat move closer to SOC 2 compliance

How Strike Graph Helped BugSplat Move Closer to SOC 2 Compliance
July 28, 2022
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Case Study

Satisfying customers and landing more contracts: NROC’s SOC 2 journey

Learn how NROC completed a Type 1 and a Type 2 audit within one year, positioning themselves for more revenue opportunities.
July 28, 2022
SOC 2 Security compliance Boosting revenue SOC 2 Security compliance Boosting revenue
Case Study

Foundation AI: gaining trust and winning deals through SOC 2

Learn how Foundation AI benefited from Strike Graph’s security packet and collected evidence for SOC 2 with minimal effort.
July 28, 2022
SOC 2 Security compliance Boosting revenue SOC 2 Security compliance Boosting revenue
Case Study

LCvista saved time, money, and resources with Strike Graph

LCvista Saved Time, Money, and Resources With Strike Graph
July 28, 2022
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

Breaking Down the Penetration Testing Process: Phases, Steps, Timelines, and Industry-Specific Strategies

Pen test experts explain each phase, main steps and timing. Learn how AI can streamline the pen testing process. Download free Pen Testing Schedule Template.
November 13, 2024
Designing security programs Designing security programs
PCI DSS Scoping Toolkit
Blog

Mastering PCI DSS scoping: categories, steps, and how to reduce scope

Compliance experts explain PCI scoping categories, walk you through the process step-by-step, help you reduce your scope & provide a Free PCI Scope Toolkit.
October 29, 2024
PCI DSS Designing security programs PCI DSS Designing security programs
Blog

October Product Roundup

Explore Strike Graph's new Quick Start feature, designed to automate evidence collection and streamline compliance with AI-powered tools, ensuring you're always audit-ready.
October 28, 2024
PCI DSS Operating security programs AI and automation Company news PCI DSS Operating security programs AI and automation Company news
Blog

Strike Graph’s strategic approach to AI in compliance

Discover how Strike Graph's AI-driven tools enhance security compliance with automated data collection, intelligent control testing, and real-time evidence validation.
October 28, 2024
PCI DSS AI and automation PCI DSS AI and automation
Blog

What You Need to Know About CMMC in 2025

Learn the ins and outs of CMMC 2.0 compliance and how it impacts your business.
October 24, 2024
CMMC Security compliance Designing security programs CMMC Security compliance Designing security programs
Strike Graph in EU
Blog

Strike Graph now offers hosted data within the EU

Strike Graph now offers data hosting in the European Union for customers with specific data privacy and security requirements.
October 08, 2024
Company news Company news
Blog

Penetration testing best practices: ensuring consistent and effective security testing

Compliance experts share best practices for pen testing. Learn how to choose the best pen test vendor for your use case. List of Pen Testing Vendor Questions.
September 26, 2024
Pen testing Measuring/certifying security programs Designing security programs Pen testing Measuring/certifying security programs Designing security programs
Blog

PCI DSS v4.0 (v4.0.1): Requirements, changes, implementation steps and checklist

PCI DSS compliance experts share the new requirements and changes in PCI DSS v4.0.1. Also, get a v4.0 implementation roadmap and a free PCI DSS v4.0 checklist.
September 10, 2024
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

PCI DSS policy essentials: requirements, examples & templates

PCI experts share everything you need to include in a PCI policy for v4.0.1. Free PCI policy template, tips for customizing & how to make compliance easier.
August 27, 2024
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

Beyond SBOMs: Building a secure future for medical devices

The FDA's SBOM mandate is a positive step, but companies should need to implement a comprehensive cybersecurity framework to fully protect devices, users, and ultimately, patient safety.
August 26, 2024
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

Enhancing Infrastructure Security: A Shift Towards HTTP/S Retrieval Systems

Explore the hidden security risks of software agents and discover how network segmentation and HTTP/S retrieval systems can enhance your IT infrastructure.
August 19, 2024
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

Lessons from the CrowdStrike outage: Why verification is the missing piece in modern security automation

Wondering which security frameworks might be helpful for your organization? Read on to learn about some of most common standards and certifications.
July 24, 2024
Security compliance Operating security programs Security compliance Operating security programs
Blog

Navigating GDPR: How to protect data subject rights

Find out how to navigate GDPR and protect your data subject rights with Strike Graph's easy-to-follow guide. It's all about staying compliant and building trust, the smart way!
April 18, 2024
GDPR ISO 27701 SOC 2 Security compliance Designing security programs GDPR ISO 27701 SOC 2 Security compliance Designing security programs
Blog

Navigating the Evolving Security Landscape: An In-Depth Look at the Gartner Security & Risk Management Summit

Learn how a well-planned cybersecurity certification roadmap can streamline your compliance process, saving time and reducing stress.
April 12, 2024
Company news Company news
Blog

Streamlining security compliance: the essential cybersecurity certification roadmap

Learn how a well-planned cybersecurity certification roadmap can streamline your compliance process, saving time and reducing stress.
April 11, 2024
Security compliance Security compliance
Blog

Empowering innovation through customized compliance: the Strike Graph advantage

Discover how Strike Graph's comprehensive platform transforms compliance for tech-forward companies with customizable controls, collaboration tools, and strategic insights for unparalleled agility and security.
April 04, 2024
Security compliance Operating security programs Designing security programs Security compliance Operating security programs Designing security programs
Blog

Simplifying compliance together: Here's what our customers are saying about Strike Graph

Discover what our customers are saying about their journey to simplified compliance with Strike Graph! From stress-free certifications to the power of AI and automation, learn how we turn the compliance process into a streamlined, revenue-boosting experience.
April 01, 2024
Security compliance AI and automation Company news Security compliance AI and automation Company news
Blog

Simplifying data security compliance in a complex regulatory landscape

Don’t let compliance with multiple security frameworks bog you down. Strike Graph’s multi-framework data security compliance platform streamlines the process.
March 28, 2024
Security compliance Designing security programs Security compliance Designing security programs
Blog

Penetration tests vs. vulnerability scans

Learn how pen testing and vulnerability scanning combat AI cyber threats to fortify your data security in our essential guide.
March 26, 2024
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

Decoding the HIPAA Omnibus Rule: A guide for HealthTech professionals

Navigate the complexities of the HIPAA Omnibus Rule with insights on achieving and proving compliance, crucial for HealthTech professionals looking to safeguard patient information.
March 25, 2024
HIPAA HIPAA Security compliance Measuring/certifying security programs Boosting revenue HIPAA Security compliance Measuring/certifying security programs Boosting revenue
Blog

The key to understanding SOC reports

Everything you need to know about SOC 1, SOC 2, and SOC 3 reports, including what’s in them and the benefits they can offer your business.
March 14, 2024
SOC 1 SOC 2 SOC 3 SOC 2 Security compliance SOC 3 Measuring/certifying security programs SOC 1 SOC 1 SOC 2 SOC 3 Security compliance Measuring/certifying security programs
Blog

Strike Graph now supports the HIPAA privacy rule for covered entities!

For covered entities, meeting the standards of the HIPAA privacy rule is non-negotiable. Strike Graph empowers health-sector companies to efficiently meet these requirements and leverage their security measures to build customer trust and outperform the competition.
February 26, 2024
HIPAA Designing security programs Company news HIPAA Designing security programs Company news
Blog

Strike Graph solves the unique HIPAA challenges of HealthTech

HealthTech companies face unique challenges when it comes to security and privacy — including HIPAA compliance. Here’s how Strike Graph solves them.
February 12, 2024
Security compliance Designing security programs Risk management Security compliance Designing security programs Risk management
Blog

Risk ownership and scoring: Why Strike Graph is your go-to platform for risk-based compliance

Risk-based security compliance is a breeze with Strike Graph’s suite of risk-management tools like risk ownership and scoring.
February 09, 2024
Security compliance Designing security programs Risk management Security compliance Designing security programs Risk management
Blog

The essential HIPAA compliance checklist for HealthTech companies

Unsure whether your HealthTech company needs to be HIPAA compliant? Here’s how HIPAA applies to HealthTech and a compliance checklist to get you started.
January 31, 2024
Security compliance Designing security programs Security compliance Designing security programs
Blog

New Strike Graph framework | CIS builds trust without an audit

Strike Graph now supports CIS, a versatile, robust security framework for companies looking to prove their commitment to data security without committing the time and resources necessary to complete a formal audit.
January 30, 2024
CIS Designing security programs Boosting revenue Company news CIS Designing security programs Boosting revenue Company news
Blog

Should I get GDPR and ISO 27701 at the same time? Yes!

Independently, GDPR and ISO 27701 can feel like heavy lifts — tackling GDPR and ISO 27701 together saves you both time and resources.
January 29, 2024
GDPR ISO 27701 Security compliance Designing security programs GDPR ISO 27701 Security compliance Designing security programs
Blog

Closing deals the easy way: see what a difference Strike Graph makes

Independently, GDPR and ISO 27701 can feel like heavy lifts — tackling GDPR and ISO 27701 together saves you both time and resources.
January 28, 2024
Security compliance Designing security programs Boosting revenue Security compliance Designing security programs Boosting revenue
Blog

4 trends shaping HealthTech compliance in 2024

4 healthcare and healthtech compliance trends to watch. and how to protect your organization. Solutions from Strike Graph, a leader in healthcare compliance.
January 25, 2024
Designing security programs AI and automation Designing security programs AI and automation
Blog

Strike Graph and Judy Security partner to bring the best of security compliance and cybersecurity tech

Innovation benefits from thoughtful collaboration — which is why Strike Graph is pleased to announce we’ll be partnering with Judy Security to bring together the best cybersecurity and security compliance tech.
January 16, 2024
ISO 27001 GDPR Security compliance Company news ISO 27001 GDPR Security compliance Company news
Blog

Enhancing collaboration and efficiency: the power of control notes and comments

Bring real-time collaboration tools to your risk mitigation process with Strike Graph’s control comments and notes.
January 05, 2024
Security compliance TrustOps Security compliance TrustOps
Blog

Satisfy security demands now with Strike Graph’s security overview

You need to get certified — fast. Strike Graph’s security overview gives you immediate proof that you’re in the process of securing your data.
January 04, 2024
Security compliance Measuring/certifying security programs Boosting revenue Security compliance Measuring/certifying security programs Boosting revenue
Blog

$8.5 million in new funding propels Strike Graph’s mission to revolutionize security compliance

Strike Graph announces $8.5 million in new funding, led by BAMCAP with participation from existing investors Madrona and Information Venture Partners, and Rise of the Rest.
December 20, 2023
TrustOps Company news TrustOps Company news
Blog

What is the difference between NIST SP 800-53 and SP 800-171?

NIST 800-53 or 800-171? Federal or non-federal? FedRAMP? FISMA? If you need help navigating NIST publications and FISMA audits, read on to learn more.
December 17, 2023
Security compliance Designing security programs Security compliance Designing security programs
Blog

Enhance your security program with these top 5 AI best practices

Want to use AI tools, but not sure how to use them in your security program? In this post, we show you how to strategically implement 5 AI best practices.
December 14, 2023
Security compliance Designing security programs AI and automation Security compliance Designing security programs AI and automation
Blog

Take your security program from resource drain to revenue builder

Traditional security approaches are inflexible, inefficient, and costly. You need a modern approach that leverages the newest technology to save you time and resources.
December 14, 2023
Security compliance TrustOps Boosting revenue Security compliance TrustOps Boosting revenue
Blog

7 Strike Graph features that turn anyone into a security compliance expert

Ready to tackle your compliance objectives with the team you have? Here’s how the Strike Graph platform can help — no compliance expertise required.
December 13, 2023
Security compliance Designing security programs Security compliance Designing security programs
Blog

8 steps for conducting a NIST 800-171 self-assessment

Here’s how to conduct an 8-step NIST 800-171 self-assessment and the boost it can bring to your business.
December 13, 2023
Security compliance TrustOps Measuring/certifying security programs Security compliance TrustOps Measuring/certifying security programs
Blog

Strike Graph’s control library makes mitigating risk a breeze

Learn how using the Strike Graph control library makes it easy to put controls in place across multiple frameworks.
December 04, 2023
Security compliance Designing security programs Security compliance Designing security programs
Blog

Save time and resources with Strike Graph’s integrated risk assessment

Tired of wasting time on checklist approaches to security compliance? Strike Graph’s in-platform risk assessment ensures you’re covering all your vulnerabilities without wasting time and money.
November 30, 2023
TrustOps Designing security programs Risk management TrustOps Designing security programs Risk management
Video

Video | PCI DSS vs. SOC 2: Take advantage of the overlap

PCI DSS vs. SOC 2 — Save time and resources by understanding how these two major cybersecurity frameworks overlap.
November 28, 2023
PCI DSS SOC 2 SOC 2 Security compliance Designing security programs PCI DSS SOC 2 Security compliance Designing security programs
Blog

PCI DSS levels 101: requirements, examples & starter kit

Our compliance experts explain the PCI DSS levels and requirements. Explore the recent changes to PCI DSS and get a free PCI DSS compliance starter kit.
November 28, 2023
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Video

Video | Who must comply with PCI DSS?

Wondering if your company is subject to PCI DSS? Read on to learn who must meet PCI DSS requirements and what it takes to reach compliance.
November 27, 2023
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Video

Video | SOC 2 vs. ISO 27001: Security standards for EdTech companies

Learn why SOC 2 and ISO 27001 are essential cybersecurity tools for EdTech companies.
November 21, 2023
SOC 2 ISO 27001 Security compliance Designing security programs SOC 2 ISO 27001 Security compliance Designing security programs
Blog

7 reasons AI-powered compliance is crucial to your business growth

AI-powered compliance means lower costs, more accuracy, less vulnerability, and faster certification. Here’s how tech-enabled audits make this a reality.
October 23, 2023
AI/automation Security compliance AI and automation Boosting revenue AI/automation Security compliance AI and automation Boosting revenue
Blog

12 SOC 2 controls that support CPRA compliance

Reduce redundancy while ensuring comprehensive coverage — among other perks. Learn how you can best leverage the framework overlap between SOC 2 and CPRA.
October 20, 2023
CPRA SOC 2 Security compliance Designing security programs CPRA SOC 2 Security compliance Designing security programs
Blog

What to expect during your ISO 27001 and/or ISO 27701 audit

The ISO 27001 and ISO 27701 certification processes may seem complex, but armed with these tips, you’ll be able to tackle them with confidence.
October 19, 2023
ISO 27001 ISO 27701 Security compliance Measuring/certifying security programs ISO 27001 ISO 27701 Security compliance Measuring/certifying security programs
Video

Video | FERPA for EdTech companies

Learn what education’s most important privacy law — FERPA — means for EdTech companies.
October 19, 2023
SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Blog

Prep for FedRAMP compliance using NIST 800-53

Building towards FedRAMP compliance? Become NIST 800-53 compliant first and you’ll be well on your way.
October 18, 2023
FedRAMP NIST 800-53 Security compliance Measuring/certifying security programs Company news FedRAMP NIST 800-53 Security compliance Measuring/certifying security programs Company news
Blog

Everything you need to know about SOC 1

The ins and outs of SOC 1: What it is, why it’s important, who it’s for, the types of reports (including SOC 1 Type 1, SOC 1 Type 2, and SOC 1 Type 3) and more.
October 16, 2023
SOC 1 Security compliance Designing security programs SOC 1 Security compliance Designing security programs
Blog

Save time and mental energy with automated evidence collection

Automated evidence collection takes the hassle out of a previously manual and tedious process, allowing you to streamline your entire compliance journey.
October 04, 2023
Security compliance Operating security programs Security compliance Operating security programs
Blog

How multi-framework mapping can benefit your business

Here’s how the ability to map one control to multiple security frameworks can take your business to the next level.
September 20, 2023
Security compliance Operating security programs Boosting revenue Security compliance Operating security programs Boosting revenue
Blog

What is SOC 3? And why your business (might) need it

Learn about what SOC 3 is, who needs it, why it’s important, and what the difference is between SOC 1, SOC 2, and SOC 3.
August 30, 2023
SOC 3 Security compliance SOC 3 Designing security programs SOC 3 Security compliance Designing security programs
Blog

Introducing Strike Graph’s new AI security assistant

Save time and build a culture of trust with our new AI security assistant. Your security compliance team will thank you.
August 25, 2023
Security compliance Operating security programs AI and automation Security compliance Operating security programs AI and automation
Blog

Why measuring your TrustOps or security program is essential

In the third and final installment of our series on TrustOps and security programs, we take a deep dive into how to best measure your program.
August 24, 2023
TrustOps Measuring/certifying security programs TrustOps Measuring/certifying security programs
Blog

The ins and outs of operating a TrustOps or security program

In the second installment of our series, we dive into how best to operate a TrustOps or security program.
August 15, 2023
TrustOps Operating security programs TrustOps Operating security programs
Blog

Introducing Strike Graph teams

Strike Graph’s new teams feature streamlines collaboration so you can reach compliance faster and more easily.
July 27, 2023
Security compliance Operating security programs Company news Security compliance Operating security programs Company news
Blog

How to design your security program

When designing your security program, steer clear of expensive consultants and certification-in-a-box approaches — opt for a holistic approach instead.
July 14, 2023
Security compliance TrustOps Designing security programs Security compliance TrustOps Designing security programs
Blog

Strike Graph’s trust asset library turns compliance into revenue

Strike Graph’s Trust Asset Library can help keep all of your trust assets in one central location, making it easier to store, locate, and share them.
July 13, 2023
TrustOps Measuring/certifying security programs Boosting revenue TrustOps Measuring/certifying security programs Boosting revenue
Blog

Has the Data Protection Act of 1988 been repealed?

Learn about the status of the Data Protection Act of 1988 and the updates it has undergone in recent years.
July 04, 2023
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

Is the Data Protection Act of 1988 still in force?

Learn about the Data Protection Act of 1988, how it has changed over time, and where it intersects with GDPR.
June 30, 2023
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

How many controls are there in ISO 27001:2022?

With ISO 27001:2022, there are 93 instead of 114 controls, including 11 new ones. In this post we take a closer look at what those are.
June 30, 2023
ISO 27001 Security compliance Operating security programs ISO 27001 Security compliance Operating security programs
Blog

What is FedRAMP and how can you get FedRAMP authorized?

FedRAMP is an important standardized approach that agencies can use to assess the use of federal data — read on to learn what that means and why it matters
June 28, 2023
FedRAMP NIST 800-53 Security compliance Measuring/certifying security programs FedRAMP NIST 800-53 Security compliance Measuring/certifying security programs
Blog

How mature is your security program?

Ready to improve your security program, meet compliance requirements, improve stakeholder trust, and increase revenue? Moving up in the TrustOps maturity model makes it happen.
June 20, 2023
Security compliance TrustOps Designing security programs Security compliance TrustOps Designing security programs
Blog

The Strike Graph HIPAA certification is here!

A new HIPAA certification is here. Learn what you need to do in order to achieve certification and how Strike Graph can help.
June 20, 2023
TISAX HIPAA TISAX HIPAA
Blog

Collision 2023 – compliance tech to build trust

The leading provider of automated security compliance solutions, Strike Graph, will be at Collision Conference in Toronto June 26-29, 2023.
June 15, 2023
CPRA TrustOps Company news CPRA TrustOps Company news
Blog

TISAX requirements

What are the TISAX requirements? What are the labels, and how are they different? Let’s take a deep dive.
June 06, 2023
TISAX Security compliance Designing security programs TISAX Security compliance Designing security programs
Blog

Everything you need to know about TISAX levels

Learn what the TISAX levels are, how to reach compliance with each of them, and why maintaining a TISAX label is beneficial.
May 26, 2023
TISAX Security compliance Designing security programs TISAX Security compliance Designing security programs
Blog

Combine software and service to optimize your security program

Pairing Strike Graph’s all-in-one compliance platform with a service provider like GoldSky can deliver a turn-key security program.
May 26, 2023
SOC 1 Security compliance SOC 1 Security compliance
Blog

Strike Graph now supports TISAX for automotive success

Strike Graph is excited to announce that we now support TISAX — the emerging global standard for companies in the automotive industry.
May 18, 2023
TISAX TISAX
Blog

TISAX vs. ISO 27001

What is TISAX? What are the differences between TISAX and ISO 27001? How are they similar? Learn all the answers to these questions and more.
May 17, 2023
TISAX ISO 27701 Security compliance Designing security programs TISAX ISO 27701 Security compliance Designing security programs
Blog

How to become HIPAA compliant — and why you should

Becoming HIPAA compliant can help spare your business from costly violations. Learn more about HIPAA, who is regulated, and how to get compliant.
April 25, 2023
HIPAA Security compliance Measuring/certifying security programs HIPAA Security compliance Measuring/certifying security programs
Blog

How do I transition from ISO 27001: 2013 to ISO 27001: 2022?

Learn when you need to transition from ISO 27001: 2013 to ISO 27001: 2022, what’s changing, and what’s staying the same.
April 24, 2023
Security compliance Operating security programs Security compliance Operating security programs
Blog

What are trust assets, and how do they grow your revenue?

Trust assets, like certifications, prove your company is trustworthy, which boosts revenue — and they don’t have to be difficult to achieve.
April 21, 2023
TrustOps Measuring/certifying security programs Boosting revenue TrustOps Measuring/certifying security programs Boosting revenue
Blog

What is a chief trust officer (CTrO)

Learn what a Chief Trust Officer (CTrO) does, why they’re important, and how robust reporting can make their lives easier.
April 14, 2023
Security compliance TrustOps Security compliance TrustOps
Blog

What is TrustOps and why does it matter for your business?

TrustOps is all about building trust with customers and partners. Learn why TrustOps is important for your business and how to get started.
April 13, 2023
Security compliance TrustOps Boosting revenue Security compliance TrustOps Boosting revenue
Blog

Don’t get caught off guard by the next banking crisis

In light of the SVB crisis, you may be asking what your company should do next. We have the answer — it’s time to mitigate banking risk. Here’s how.
March 31, 2023
Security compliance Security compliance
Blog

Who needs CMMC certification?

Understanding all the ins and outs of CMMC can be difficult, but we’re here to help. Here’s who needs CMMC certification and how to achieve it.
March 21, 2023
CMMC NIST 800-171 Security compliance Designing security programs CMMC NIST 800-171 Security compliance Designing security programs
Blog

How do I conduct a vendor risk assessment?

Learn the six stages of conducting a vendor risk assessment and know what types of risk you should be checking for with potential partners.
March 21, 2023
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

What are the 6 stages of risk management?

Ready to ensure a strong security posture? Start with risk management. In this post we explain the 6 stages of risk management and how you can prepare for each.
March 18, 2023
Designing security programs Risk management Designing security programs Risk management
Blog

Everything you need to know about the SOC 2 audit process

Need to get SOC 2 compliant ASAP? This guide will walk you through everything you need to know about the SOC 2 audit process so you can go in prepared.
March 14, 2023
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

How do I become SOC 2 Type 2 compliant?

Does your organization need to become SOC 2 Type 2 compliant? Here’s how to know, and how to get there if you do.
February 23, 2023
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

The difference between SOC 1 and SOC 2

What’s the difference between a SOC 1 and SOC 2? What about a SOC 1 Type 1 and Type 2 and a SOC 2 Type 1 and Type 2? In this post, we break it all down.
February 21, 2023
SOC 1 SOC 2 Security compliance Designing security programs SOC 1 SOC 2 Security compliance Designing security programs
Blog

What was the data protection act of 1988?

Learn about the history of the data protection act of 1988 and its evolution into the GDPR.
February 16, 2023
GDPR Security compliance GDPR Security compliance
Blog

A smarter way to get your security certifications

Strike Graph now includes security certifications. Our all-in-one platform takes you from start to certification — no auditing firm required.
February 15, 2023
Security compliance Measuring/certifying security programs Security compliance Measuring/certifying security programs
Blog

Who must comply with SOC 2 requirements

Learn about who needs to comply with SOC 2 requirements, and all the benefits of achieving compliance.
February 13, 2023
SOC 2 SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Blog

Announcing a smarter way to get security certifications

Strike Graph announces a new integrated solution that allows customers to go through security audits powered by technology at a fraction of the cost and time.
February 08, 2023
Company news Company news
Blog

Can you fail a SOC 2 audit?

Learn why SOC 2 audits aren’t pass-fail, the importance of an auditor opinion, and how to prepare for an audit.
February 02, 2023
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

How much does a SOC 2 audit cost?

A SOC 2 audit costs a lot less when you use an all-in-one solution instead of a traditional auditing firm. Here’s why.
February 01, 2023
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

6 types of vulnerability scanning

Are you performing vulnerability scanning? Here’s why you should and what types of scans are available to ensure your business is secure.
January 27, 2023
Designing security programs Risk management Designing security programs Risk management
Blog

What is a network security test?

Learn about network security tests, their benefits, and how Strike Graph can help you with testing.
January 26, 2023
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

Why are governance, risk, and compliance important?

Explore why governance, risk, and compliance (GRC) are important for your organization and learn how you can get started.
January 26, 2023
Security compliance TrustOps Security compliance TrustOps
Blog

Compliance attestation: What it is and how it affects your business

Do you know the difference between certification and attestation? In this post we explore what compliance attestation is and how it affects your business.
January 25, 2023
Security compliance Measuring/certifying security programs Security compliance Measuring/certifying security programs
Blog

Regulatory compliance software: Which should you choose?

Regulatory compliance software provides organizations with a framework to stay up to date with regulatory requirements and avoid compliance breaches.
January 22, 2023
Security compliance Operating security programs Security compliance Operating security programs
Blog

The CPRA – California Privacy Rights Act – is here!

The CPRA went into full effect on January 1, 2023 — is your business ready?
January 13, 2023
CCPA/CPRA Security compliance CCPA/CPRA Security compliance
Blog

What is a security audit and how can it benefit your small business?

Security audits may seem overwhelming at first, but don't worry — in this guide, we'll break down what they are and how they benefit your business.
January 09, 2023
Security compliance Measuring/certifying security programs Boosting revenue Security compliance Measuring/certifying security programs Boosting revenue
Blog

What is compliance tracking?

Compliance tracking is the process of monitoring and organizing compliance-related information and activities. Here’s how your business can do it.
December 29, 2022
Security compliance Security compliance
Blog

Do you need an ISO 27001 audit in 2023? Probably!

Learn why ISO 27001 audits are important for businesses managing sensitive information.
December 27, 2022
ISO 27001 ISO 27001
Blog

Security compliance for startups: 3 reasons you need to start now

Lack of security compliance could cost your startup millions and ruin your reputation. Learn why you should implement a security plan now for future success.
December 22, 2022
Security compliance Designing security programs Security compliance Designing security programs
Blog

What is the purpose of compliance risk management?

If your company doesn’t have a compliance risk management plan, you could be facing a loss of reputation, revenue, valuation, and business opportunities.
December 20, 2022
Security compliance Risk management Security compliance Risk management
Blog

Strike Graph now offers NIST 800-171

Our NIST 800-171 compliance support can help your organization better protect CUI and even achieve CMMC certification.
December 14, 2022
NIST 800-171 Company news NIST 800-171 Company news
Blog

What is cybersecurity governance?

Discover how your leadership team can use a cybersecurity governance plan to fortify your organization against increasing cybersecurity threats.
December 12, 2022
Security compliance TrustOps Security compliance TrustOps
Blog

HITRUST vs. HIPAA

Explore the relationship between the Health Insurance Portability and Accountability Act of 1996 and the security framework that proves you’re in compliance with it.
November 25, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
Blog

What are the NIST SP 800-171 controls?

Get all the details on the NIST SP 800-171 controls and how they apply to your organization.
November 23, 2022
NIST 800-171 Security compliance Operating security programs NIST 800-171 Security compliance Operating security programs
Blog

What is an information security policy, and do you need one?

Creating a strong information security policy can help your organization prevent data breaches, and more. Discover what your policy should include.
November 22, 2022
Security compliance Designing security programs Security compliance Designing security programs
Blog

What is NIST certification?

Here’s what your business will need to do in order to obtain NIST certification — actually NIST compliance — including NIST SP 800-171.
November 17, 2022
NIST 800-171 NIST 800-53 Security compliance Designing security programs NIST 800-171 NIST 800-53 Security compliance Designing security programs
Blog

What are the 5 steps in the NIST cybersecurity framework?

Implementing the 5 steps in the NIST cybersecurity framework will help your business stay protected against potential security threats.
November 16, 2022
NIST 800-171 NIST 800-53 Security compliance Designing security programs NIST 800-171 NIST 800-53 Security compliance Designing security programs
Blog

A cheatsheet for common GDPR terms

There are a lot of GDPR terms, and it can be difficult to keep them all straight. Hopefully this cheatsheet will help you on your journey to GDPR compliance.
November 16, 2022
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

SOC 2 Type 1 vs Type 2 — What’s the difference?

SOC 2 is quickly becoming one of the most important compliance frameworks for businesses. Which one should your business pursue – SOC 2 Type 1 or Type 2?
November 02, 2022
SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Blog

What are the 7 types of risk to your business?

While no company is risk-free, you can mitigate many kinds of risk with proper understanding and an action plan. Learn how!
October 31, 2022
Designing security programs Risk management Designing security programs Risk management
Blog

What is required for GDPR compliance?

What exactly is required of your organization in order to achieve — and maintain — GDPR compliance? Let’s take a look.
October 25, 2022
GDPR Security compliance Measuring/certifying security programs GDPR Security compliance Measuring/certifying security programs
Blog

Understanding cybersecurity compliance

What is compliance in cybersecurity? Why is compliance important? Read on to learn cybersecurity basics and how you can achieve compliance, quickly.
October 24, 2022
Security compliance Designing security programs Security compliance Designing security programs
Blog

How many controls are there in ISO 27701?

Check out our overview of ISO 27701 controls for your answer, including what controls are, how they work, and how they improve your data security posture.
October 19, 2022
ISO 27701 Security compliance Designing security programs ISO 27701 Security compliance Designing security programs
Blog

What is a vendor risk assessment questionnaire?

A vendor risk assessment questionnaire helps organizations identify their partners’ potential weaknesses that could result in a breach.
October 18, 2022
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

Unlock revenue with HIPAA compliance

Learn how HIPAA compliance can boost your company’s revenue and set you up for future success.
October 11, 2022
HIPAA Security compliance Measuring/certifying security programs Boosting revenue HIPAA Security compliance Measuring/certifying security programs Boosting revenue
Blog

What are the rule exceptions to HIPAA?

HIPAA rule exceptions include state and federal exceptions, operational and occupational exceptions, emergency situation exceptions, and more.
October 07, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
Blog

Top 5 things our customers love about Strike Graph

See what our customers have to say about the Strike Graph security compliance platform on G2.
October 05, 2022
Company news Company news
Blog

What are the 8 GDPR rights?

The GDPR establishes eight rights for individuals on the internet. Read about these rights and your organization's responsibilities to protect them.
September 28, 2022
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

What are the exceptions to CCPA?

Find out if your company or any of the information you handle is exempt from the CCPA.
September 26, 2022
CPRA Security compliance Designing security programs CPRA Security compliance Designing security programs
Blog

What is a PCI Qualified Security Assessor?

If your company needs to undergo a PCI DSS audit, it will be performed by a PCI Qualified Security Assessor. Here’s how they’ll assess your compliance.
September 21, 2022
PCI DSS Security compliance Measuring/certifying security programs PCI DSS Security compliance Measuring/certifying security programs
Blog

Unstructured data and its impact on SOC 2 compliance

A SOC 2 report ensures that service providers are securely managing your unstructured data to defend your organization’s security and privacy.
September 15, 2022
SOC 2 Security compliance Risk management SOC 2 Security compliance Risk management
Blog

Succeed together — from far apart

The team at Strike Graph is fully remote. This means we succeed together via a culture of collaboration and smart remote work strategies.
September 08, 2022
Company news Company news
Blog

Who needs to comply with the CCPA?

To ensure your business is CCPA compliant, you need to know what CCPA is, who needs to comply, and what happens if you don’t.
September 07, 2022
CPRA Security compliance Designing security programs CPRA Security compliance Designing security programs
Blog

How much does ISO 27001 certification cost?

Learn about the cost of ISO 27001 certification and maintenance and decide whether the benefits of ISO 27001 outweigh the costs.
August 31, 2022
ISO 27001 Security compliance Measuring/certifying security programs ISO 27001 Security compliance Measuring/certifying security programs
Blog

ISO 27001 controls

ISO 27001 certification proves you can protect sensitive information. Read on to learn more about ISO 27001 controls and how to implement them.
August 30, 2022
ISO 27001 Security compliance Operating security programs ISO 27001 Security compliance Operating security programs
Blog

The HIPAA Privacy Rule: Is your organization a covered entity?

Learn who the HIPAA Privacy Rule applies to, which information it protects, and how your organization can reach compliance.
August 23, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
Blog

ISO vs. GDPR compliance requirements

Learn how tackling ISO 27701 and GDPR compliance requirements together can save you time and money.
August 18, 2022
ISO 27001 GDPR ISO 27701 Security compliance Designing security programs ISO 27001 GDPR ISO 27701 Security compliance Designing security programs
Blog

Security frameworks 101

Wondering which security frameworks might be helpful for your organization? Read on to learn about some of most common standards and certifications.
August 16, 2022
Security compliance Designing security programs Security compliance Designing security programs
Blog

Who must comply with PCI DSS?

Wondering if your company is subject to PCI DSS? Read on to learn who must meet PCI DSS requirements and what it takes to reach compliance.
August 12, 2022
PCI DSS PCI DSS
Blog

What are the 3 rules of HIPAA?

When it comes to the 3 rules of HIPAA — the Privacy Rule, the Security Rule, and the Breach Notification Rule — what do you need to know?
August 09, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
Blog

We achieved SOC 2 Type 2 compliance!

Strike Graph has reached SOC 2 Type 2 compliance! Learn what the experience taught us and how it can benefit you.
August 05, 2022
Company news Company news
Blog

What is TPRM or third-party risk management?

TPRM stands for third-party risk management. Learn about the benefits and challenges of implementing TPRM controls for your organization.
July 26, 2022
Designing security programs Risk management Designing security programs Risk management
Blog

What is summary health information?

Learn how HIPAA defines summary health information, the Privacy Rule, PHI, and more — and how they apply to your business.
July 25, 2022
HIPAA Security compliance Designing security programs HIPAA Security compliance Designing security programs
Blog

The difference between SOC 1, SOC 2, and SOC 3

Learn about the difference between SOC 1 and SOC 2 attestations. Read how Strike Graph can speed up your SOC 2 compliance efforts.
July 24, 2022
SOC 2 SOC 1 SOC 3 Security compliance Designing security programs SOC 2 SOC 1 SOC 3 Security compliance Designing security programs
Blog

What is compliance risk?

Learn about compliance risk and the strategies and frameworks used to manage it.
July 23, 2022
Security compliance Designing security programs Risk management Security compliance Designing security programs Risk management
Blog

Get your business ready for the California Privacy Rights Act (CPRA)

On January 1, 2023, the California Privacy Rights Act (CPRA) will take effect. Is your business ready to make the shift?
July 21, 2022
CCPA/CPRA CCPA/CPRA
Blog

What are the 4 PCI DSS levels?

The 4 PCI standards—or PCI DSS compliance levels—are an important part of the PCI DSS certification process. Learn what defines PCI DSS Levels 1, 2, 3 & 4.
July 21, 2022
PCI DSS PCI DSS
Blog

What are the 7 GDPR principles?

Let's take a look at all 7 principles of GDPR and what they mean for you and your business. Learn more.
June 24, 2022
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

Comparing ISO 27001 & ISO 27701: Differences, similarities, and dual certification process

Learn how these frameworks overlap and differ. See how to save time & money by doing both certifications at once. Plus, implementation tips & free checklist.
June 21, 2022
ISO 27001 ISO 27701 ISO 27701 Security compliance Designing security programs ISO 27001 ISO 27701 Security compliance Designing security programs
Blog

The 12 PCI DSS requirements: an in-depth look

Let's go a bit more in-depth and explore the 12 PCI DSS requirements, as well as how they apply to your business.
June 08, 2022
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

From cost concern to opportunity maker

Justin Beals, CEO at Strike Graph and David Penn, Research Analyst with Finovate talk about the current compliance landscape and how to find the right partner for your unique business.
June 03, 2022
Security compliance Boosting revenue Security compliance Boosting revenue
Blog

Need a quick guide to GDPR? Start here.

Regardless of where you’re located, if your business collects and/or manipulates the personal data of EU residents, then you need to comply with GDPR.
May 27, 2022
GDPR Security compliance Designing security programs GDPR Security compliance Designing security programs
Blog

Strike Graph now supports PCI DSS

Strike Graph now supports PCI DSS to help you increase cardholder data controls and secure credit and debit card transactions against fraud and data theft.
May 16, 2022
PCI DSS Company news PCI DSS Company news
Blog

What is PCI DSS?

Is your business collecting credit card data? Make sure you know the risks and how to stay PCI DSS compliant. Strike Graph streamlines PCI DSS.
May 16, 2022
PCI DSS PCI DSS
Blog

CCPA / CPRA compliance: What you need to know

The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018 and became effective on January 1, 2020. Here's what you need to know.
May 04, 2022
CPRA Security compliance Designing security programs CPRA Security compliance Designing security programs
Blog

SOC 2 Report Example

What is a SOC 2 Attestation Report? It’s the pot of gold at the end of the service authorization control (SOC 2) audit journey. These reports—issued by ind
April 08, 2022
Blog

ISO 27701 basics

Learn more about what ISO 27701 is, why it’s important, and how Strike Graph can help your organization achieve certification.
April 07, 2022
ISO 27701 Security compliance Designing security programs ISO 27701 Security compliance Designing security programs
Blog

Compliance in the education technology industry

What does compliance mean for education technology? Get the scoop on FERPA (Family Educational Rights and Privacy Act) and why compliance in education matters. 
April 02, 2022
PCI DSS Security compliance Designing security programs PCI DSS Security compliance Designing security programs
Blog

Understanding and accelerating security questionnaires

Learn how security questionnaires are used and how to speed up the sales process.
March 24, 2022
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

Auditors and security controls: where to draw the line

CPA auditors aren't the experts of security and governance controls. Listen as Justin Beals & Sam Oberholtzer discuss the taboos of audit culture.  
March 11, 2022
Security compliance Measuring/certifying security programs Security compliance Measuring/certifying security programs
Blog

The six stack: 6 software solutions for startup success

Choosing the right software for managing your business can be daunting, especially for the startup. With a bit of guidance, it does not have to be.
March 10, 2022
IT security IT security
Blog

Strike Graph compliance made easy

Strike Graph helps simplify security certifications like SOC 2, ISO 27001, ISO 27701, HIPAA, CCPA, and GDPR to achieve trust and move deals.
March 08, 2022
Blog

Cybersecurity Frameworks 101

Understanding IT security frameworks and which one applies to your organization can be confusing. We've broken it down and made it simple for you.
March 05, 2022
Blog

12 vendor management best practices

Read these 12 Vendor management best practices help you increase the value from your vendor relationships.
March 02, 2022
Security questionnaires Operating security programs Risk management Security questionnaires Operating security programs Risk management
Blog

AICPA guidance and SOC 2 audit practices

Strike Graph CEO Justin Beals discusses the intricacies of SOC 2 Audits and audit practices with experts Sam Oberholtzer and Michelle Strickler. 
February 28, 2022
SOC 2 SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

How our customers achieve success with flexible compliance management

Manager of Customer Success Jordan Bellman reflects on how Strike Graph's flexible platform helps her clients achieve their compliance goals.
February 22, 2022
Security compliance Boosting revenue Security compliance Boosting revenue
Blog

The differences between ISO 27002: 2013 and ISO 27002: 2022

ISO 27002 provides guidance on the implementation of controls from ISO 27001 Annex A. On February 15, 2022, ISO 27002: 2013 was updated to 27002: 2022.
February 17, 2022
ISO 27002 Security compliance Designing security programs ISO 27002 Security compliance Designing security programs
Blog

Penetration testing costs: Key factors, pricing insights and cost management

Compliance experts share average costs, factors affecting pricing, and pricing models. See questions to ask vendors before buying pen testing.
February 15, 2022
Pen testing Measuring/certifying security programs Risk management Pen testing Measuring/certifying security programs Risk management
Blog

Strike Graph now supports ISO 27701

Strike Graph now supports ISO 27701, a standard for privacy information management that helps companies stay ahead of the compliance curve.
February 10, 2022
ISO 27701 Company news ISO 27701 Company news
Blog

Understanding regulation, security, governance, and compliance

Justin Beals joins Sam Oberholtzer to discuss regulation, security, governance, and compliance. Learn what they mean and how they're connected.
February 01, 2022
Security compliance TrustOps Security compliance TrustOps
Blog

Antivirus software: helpful or harmful?

Learn why employing an anti-virus solution might put your security at risk in a discussion with Justin Beals and Sam Oberholtzer.
January 25, 2022
Security compliance Risk management Security compliance Risk management
Blog

What is a bridge letter in a SOC 2 report?

A bridge letter is a document made available by vendors to cover a period of time between the reporting period end date of the current SOC report and the release of a new SOC report.
January 19, 2022
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

Processes, policies and controls: what's the difference?

Justin Beals joins Sam Oberholtzer to discuss cybersecurity controls, policies, and processes. Learn more about building a valuable cybersecurity posture.
January 11, 2022
Security compliance Operating security programs Security compliance Operating security programs
Blog

Entrepreneurial itch to enterprise software: how Strike Graph came to be

Justin Beals and Brian Bero share how an entrepreneurial itch and fascination with technology led them to focus their efforts on cybersecurity.
January 04, 2022
Company news Company news
Blog

3 easy ways to keep calm and stay focused during audit season

Justin Beals joins ex-auditor Sam Oberholtzer for a conversation about how to reduce compliance burnout, even during a busy audit season.
December 22, 2021
Security compliance Measuring/certifying security programs Security compliance Measuring/certifying security programs
Blog

Why trust assets are essential to growing your business

Trust assets are the most effective way to build trust with customers and help speed along the sales process proving your security compliance achievements.
November 17, 2021
TrustOps Measuring/certifying security programs Boosting revenue TrustOps Measuring/certifying security programs Boosting revenue
Blog

HIPAA + SOC 2: Why tackling them in unison makes sense

Strike Graph's flexible platform makes it easier to achieve HIPAA and SOC 2 compliance. Learn how we can help you tackle both simultaneously.
November 03, 2021
SOC 2 HIPAA HIPAA Security compliance Designing security programs SOC 2 HIPAA Security compliance Designing security programs
Blog

SOC 2 tools for startups that won't break the bank

The Strike Graph list of inexpensive, open-source, and often free versions of products that can be used to support the most basic IT security requirements.
September 15, 2021
SOC 2 Security compliance Operating security programs SOC 2 Security compliance Operating security programs
Blog

Announcing our Series A!

Strike Graph CEO and co-founder, Justin Beals, shares his excitement on what the Series A means for our team and customers.
September 14, 2021
Company news Company news
Blog

How much time does it take to prepare for a SOC 2 audit?

How much time do common SOC 2 preparation tasks take and which departments need to be looped in? Realistic answers from Strike Graph.
August 10, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

SOC 2 test exceptions — what are they and how to address them

Your type 2 SOC 2 audit is underway and appears to be going well. Your auditor finds a ‘test exception’. Did you just 'fail' your audit? Not necessarily.
August 05, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

SOC 2 framework: a path to good operational governance

Does your SOC 2 framework demonstrate solid corporate governance practices across your organization? Here’s why that’s important.
August 03, 2021
SOC 2 Security compliance TrustOps Designing security programs SOC 2 Security compliance TrustOps Designing security programs
Blog

Security questionnaires 101: the basics

Security Reports are a fact of life in the SaaS procurement process. Unlock revenue quickly and efficiently with an AI ML approach.
July 28, 2021
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

Deciphering integrations and automation in SaaS IT compliance tools

IT compliance SaaS providers sell integrations and automations. What do these terms really mean and who benefits from these functionalities.
July 14, 2021
Security compliance AI and automation Security compliance AI and automation
Blog

Skipping a Type 1 on your SOC 2 journey? Think again!

Skipping a type 1 SOC 2 and heading straight into a type 2 is called a running start. It is risky!
June 09, 2021
SOC 2 SOC 2
Blog

How to do a risk assessment

Learn How to Conduct a Risk Assessment with Strike Graph
May 28, 2021
Security compliance Designing security programs Risk management Security compliance Designing security programs Risk management
Blog

Interview with a penetration tester

Our resident penetration test expert provides his insights, and tips for how and when to undergo a seamless penetration test in this exclusive interview.
May 27, 2021
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

How to select a SOC 2 auditor

Selecting a SOC 2 doesn't have to be fear inducing. Knowing what to ask an auditor and how to interpret their responses will set you up for success.
May 25, 2021
SOC 2 SOC 2
Blog

Takeaways from Biden’s cybersecurity executive order

President Biden recently signed a executive order on cyber security. The directive will influence both public and private sector security practices.
May 20, 2021
Security compliance Security compliance
Blog

Top 9 cybersecurity measures for remote teams

Working remote is here to stay. Organizations can implement new security controls or beef up existing controls to address this reality.
May 18, 2021
IT security IT security
Blog

5 lessons learned from our own SOC 2 journey

Going through a SOC 2 audit doesn't need to suck. We just earned our SOC 2 and here are five lessons to share to make your journey just as successful.
May 10, 2021
SOC 2 Security compliance SOC 2 Security compliance
Blog

What to know, how to begin, and why to prioritize a SOC 2 audit

We are excited to present auditing expert Nick Norton from Geels Norton and Strike Graph's compliance expert
May 05, 2021
SOC 2 SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

Ask an auditor and compliance geek

Strike Graph and Geels Norton recorded an Ask an Auditor & Compliance Geek meeting to answer your most important compliance questions and provide feedback.
April 22, 2021
Security compliance Measuring/certifying security programs Security compliance Measuring/certifying security programs
Blog

Pen test FAQs

What is a pen test and what does it entail? What is the difference between a pen test and a vulnerability scan? How does one find a good pen tester?
April 20, 2021
Security compliance Security compliance
Blog

The secret ingredient for a smooth SOC 2 audit

Any auditor will tell you, the unifying theme of all their smoothest, most seamless audits can be traced back to one thing: readiness. Preparation is key.
April 15, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

Understanding the ROI from SOC 2 (or any certification)

Deepen your understanding of the ROI from a SOC 2 (or any certification)
April 15, 2021
SOC 2 SOC 2 Security compliance Boosting revenue SOC 2 Security compliance Boosting revenue
Blog

Our #1 tip for completing security questionnaires

Security questionnaires are a redundant hassle. Our system helps you maximize your time and efforts by leveraging answers from your unique control library.
April 08, 2021
Measuring/certifying security programs Risk management Measuring/certifying security programs Risk management
Blog

5 things a founder should know about SOC 2

Join Strike Graph's Brian Bero as we discuss what every founder should know about SOC 2 Compliance
April 06, 2021
Blog

The dangers of a checklist approach to SOC 2 compliance

A checklist approach to SOC 2 compliance is fraught with dangers. We advocate for a risk based approach to right size your compliance efforts.
April 01, 2021
SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Blog

What are SOC 2 Complementary User Entity Controls (CUEC)?

Learn the difference between Complementary User Entity Controls (CUECs) and Complimentary Subservice Organization Controls.
March 26, 2021
SOC 2 Security compliance Operating security programs SOC 2 Security compliance Operating security programs
Blog

Solved: security questionnaires, RFPs, and revenue hurdles

Deepen your understanding of the ROI from a SOC 2 (or any certification)
March 25, 2021
Security questionnaires Security compliance Risk management Boosting revenue Security questionnaires Security compliance Risk management Boosting revenue
Blog

SOC 2 vs. ISO 27001: differences, similarities and standards mapping

The pros and cons of a SOC 2 audit or ISO 27001 certification explained. First consider the scope and maturity of your organization's security program.
March 24, 2021
SOC 2 ISO 27001 Designing security programs SOC 2 ISO 27001 Designing security programs
Blog

How much does a SOC2 certification and audit cost?

The cost of SOC 2 audit and certification is dependent on a number of factors. These include company size, current capabilities, and more. Learn the total cost of SOC 2 certification.
March 01, 2021
SOC 2 SOC 2
Blog

EdTech and cybersecurity: what leaders need to understand

What leaders need to understand about EdTech and cybersecurity
February 16, 2021
SOC 2 Security compliance Designing security programs SOC 2 Security compliance Designing security programs
Blog

SOC 2 System Description series: how to describe your System Boundaries

Defining your System Boundaries within the System Description can be a nerve-wracking endeavor. With a bit of guidance it does not have to be.
February 11, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

How SOC 2 auditors test

SOC 2 audits can be nerve wracking events. If you know the basics of how auditors approach testing, you will be prepared and have a bit of an advantage.
February 05, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

Are you ready for your SOC 2 audit?

There are a few steps you can take to determine whether you are ready to kick off your SOC 2. Control mapping and control coverage are where to start.
February 04, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Blog

You got your SOC 2! Now what?

You have your SOC 2 report in hand, your customers are happy, now what happens? Detailed tips on how to brag about it and how to not let it go stale.
January 26, 2021
SOC 2 Security compliance SOC 2 Security compliance
Blog

SOC 2 controls and a remote workforce in 2021

Assessing risks and threats to your network during the pandemic will helps you identify the appropriate controls to integrate into your security program.
January 20, 2021
SOC 2 SOC 2
Blog

How long does it take to get a SOC 2 Type 1? And how long does it last?

Your customer is requiring you to get a SOC 2. Depending on the urgency, you have a few options, from a methodical approach to a 'running' start. Learn more.
January 14, 2021
SOC 2 Security compliance Measuring/certifying security programs SOC 2 Security compliance Measuring/certifying security programs
Podcast

Application Security Management and the new SBOM with Idan Plotnik

A Secure Talk Episode: Application Security Management and the new SBOM with Idan Plotnik
November 12, 2024
Podcast

Privacy reforms we need now with James B.Rule

A Secure Talk Episode: Privacy reforms we need now with James B. Rule
November 05, 2024
Podcast

Is technology a religion? with Greg Epstein

A Secure Talk Episode: Is Technology a Religion? with Greg Epstein
October 29, 2024
Podcast

Enterprise security from healthcare to GE: accountability, strategy, and value creation with Bob Chaput

A Secure Talk Episode: enterprise security from healthcare to GE: accountability, strategy, and value creation with Bob Chaput
October 22, 2024
Podcast

Forging the future of security with Rey Kirton at Forgepoint Capital

A Secure Talk Episode: Forging the future of security with Rey Kirton at Forgepoint Capital
October 15, 2024
Podcast

Ethics and innovation in medical AI: a conversation with Dr. Paul Campbell.

A Secure Talk Episode: Ethics and innovation in medical AI: a conversation with Dr. Paul Campbell."
October 08, 2024
Podcast

Cyber warfare and national cyber defense with Jason Healey

A Secure Talk Episode: "Cyber warfare and national cyber defense with Jason Healey."
October 01, 2024
Podcast

Mastering Cyber Shadows: Alex Cox's take on LockBit's resilience and the role of threat intelligence

A Secure Talk Episode: Mastering Cyber Shadows: Alex Cox's take on Lockbit's resilience and the role of threat intelligence
September 28, 2024
Podcast

Making Security a Part of Product Development with Naomi Buckwalter

A Secure Talk Episode: Making Security a Part of Product Development with Naomi Buckwalter
September 24, 2024
Podcast

From Cryptography to Web 3 powered by Blockchain with David Holtzman

A Secure Talk Episode: From Cryptography to Web 3 powered by Blockchain with David Holtzman
September 17, 2024
Podcast

Beyond the Ballot: Election Security Insights with Mark Listes

A Secure Talk Episode: The Human toll of jobs/security with Danny Goodwin and Edward Schwarzschild
September 10, 2024
Podcast

The Human Toll of Jobs / Security with Danny Goodwin & Edward Schwarzschild

A Secure Talk Episode: The Human toll of jobs/security with Danny Goodwin and Edward Schwarzschild
September 03, 2024
Podcast

Hack to learn: integrating humanities into cybersecurity with Dr. Aaron Mauro

A Secure Talk Episode: Hack to learn: Integrating humanities into Cybersecurity with Dr. Aaron Mauro
August 27, 2024
Podcast

Hacking the Human OS: Insights from Social Engineering expert Christopher Hadnagy

A Secure Talk Episode: Hacking the human OS: Insights from Social Engineering expert Christopher Hadnagy
August 23, 2024
Podcast

The Algorithmic Mirror: Reflecting data's role in modern life

A Secure Talk Episode: The Algorithmic mirror: reflecting on data's role in modern life with Aram Sinnreich and Jesse Gilbert
August 22, 2024
Podcast

Redefining cybersecurity strategies with Bruce Schneier

A Secure Talk Episode: Redefining cyber security strategies with Bruce Schneier
August 20, 2024
Podcast

Navigating cyber threats: FBI perspectives on protecting business and family with Scott Augenbaum

A Secure Talk Episode: Navigating cyber threats: FBI perspectives on protecting business and family with Scott Agenbaum
August 20, 2024
Podcast

Security threats from the Chrome Web Store with Sheryl Hsu

A Secure Talk Episode: Security Threats from the Chrome Web Store with Sheryl Hsu
August 13, 2024
Podcast

Dynamic data safety: Purandar Das on encryption and beyond

A Secure Talk Episode: Dynamic data safety: Purandar Das on encryption and beyond
August 08, 2024
Podcast

A perfect fit: Using risk to get the right sized security with Christopher Hodson

A Secure Talk Episode: A perfect fit: using risk to get the right sized security with Christopher Hodson
August 07, 2024
Podcast

Mastering the role of CISO with Todd Fitzgerald

A Secure Talk Episode: Mastering the role of CISO with Todd Fitzgerald
August 07, 2024
Podcast

Unraveling the layers of HIPAA: A deep dive into data security with Iliana Peters

A Secure Talk Episode: Unraveling the layers of HIPAA: A deep dive into data security with Iliana Peters
August 06, 2024
Podcast

Hacking a nation: Alejandro Caceres' bold attack on North Korea

A Secure Talk Episode: Hacking a Nation: Alejandro Caceres' bold attack on North Korea
August 06, 2024
Podcast

Navigating HIPAA compliance with confidence

A Secure Talk Episode: Navigating HIPAA Compliance With Confidence, with Rebecca Herold and Kevin Beaver
August 05, 2024
Podcast

Cyber threat intelligence: Getting to know the adversary

A Secure Talk Episode: Cyber threat intelligence: Getting to Know the Adversary with Mary D'Angelo
August 02, 2024
Podcast

The #1 vulnerability in cybersecurity is us

A Secure Talk Episode: The #1 Vulnerability in cybersecurity is us with Dr. Abbie Marono
August 02, 2024
Podcast

Crisis fighting: How to plan a successful security incident

A Secure Talk Episode: Crisis Fighting: How to Plan a Successful Security Incident with Mike LeFever and Roderick Jones
August 02, 2024
Podcast

Creating the dark web: How the TOR browser was invented

A Secure Talk podcast episode: Creating the dark web: How the TOR browser was invented with Ben Collier
February 21, 2023
eBook

Risk-based compliance

June 01, 2023
Risk management Security compliance
eBook

What is TrustOps?

April 27, 2023
TrustOps
eBook

How to get certified without an expensive auditing firm

February 08, 2023
Security compliance Measuring/certifying security programs
eBook

5 things every startup founder should know about SOC 2

February 01, 2023
Security compliance Designing security programs SOC 2
eBook

The power of automated evidence management

October 04, 2024
AI and automation
eBook

Securing medical devices in the digital age

November 07, 2024
Security compliance MedDev
Webinar

Compliance automation: Reducing manual effort and human error

August 27, 2024
Webinar
Webinar

Navigating the complexities of multi-framework compliance

July 17, 2024
Webinar
Webinar

How to empower your compliance dream team and boost efficiency

May 30, 2024
Webinar
Webinar

Cybersecurity in Medical Devices: Protecting Patient Data and Ensuring Compliance

September 26, 2024
Webinar
Load More items

Keep up to date with Strike Graph.

The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.

Keep up to date with Strike Graph.

The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.

foot-dark-shade

Strike Graph offers an easy, flexible security compliance solution that scales efficiently with your business needs — from SOC 2 to ISO 27001 to GDPR and beyond.

Frameworks

Design

Operate

MEASURE

Learn more

    © 2024 Strike Graph, Inc. All Rights Reserved • Privacy PolicyTerms of Service