Strike Graph Reviews & Product Details

The platform is easy to use and makes it clear what is required to meet each control. I also appreciate being able to download and use templates when necessary, as this feature has saved me a significant amount of time. Recently, I have been able to use the questionnaire AI which is extremely helpful. Review collected by and hosted on G2.com.

I do feel that the reporting could be better. I do rely on it much because I do believe it is as accurate as it could be. Improvement is needed there. Review collected by and hosted on G2.com.

Strike Graph is an Enterprise Governance, Risk, and Compliance (GRC) tool that has improved Sanmina's security compliance and risk management across 23 countries, multiple locations, and various frameworks. By centralizing operations and replacing manual tracking, it has significantly simplified compliance, enhanced security, and improved our risk matrix documentation. The platform effectively addresses complex Enterprise Content Management challenges and supports Cybersecurity Maturity Model Certification (CMMC) efforts, including Plans of Action and Milestones (POAMs) and System Security Plans (SSP). Furthermore, a successful pilot program has established Strike Graph as an outsourced Third-Party Risk Management (TPRM) solution, streamlining vendor assessments and compliance reporting.

The impact of Strike Graph is clearly demonstrated through five successful CMMC assessments, where it facilitated the organization and evaluation of over 600 artifacts of evidence at each plant. This has considerably boosted Sanmina's competitiveness for Department of Defense (DoD) contracts. Moving forward, Sanmina intends to explore additional applications, such as implementing custom risk assessments for all vendors. Review collected by and hosted on G2.com.

I don't have any strong dislikes; they are willing to meet with their customers and accept feedback to improve their product. Every request I have made has been added to their roadmap for a future release. Review collected by and hosted on G2.com.

While SOC 2 compliance takes a lot of work, Strike Graph eased our load by providing a easy-to-use system that organizes and reports on our data clearly so that it is easy to find outstanding tasks and to collaborate. The Strike Graph team is always helpful and quickly answered our questions. Topping this off, if we decide to add more compliance frameworks, the Strike Graph system can use our current answers to give us a head start.

We've also been using the new feature where we upload security compliance forms from our customers to get initial results filled in based on info we already have in Strike Graph. This feature saves a lot of time! Review collected by and hosted on G2.com.

We did not find any issues that the Strike Graph team was unable to help us understand. Review collected by and hosted on G2.com.

When you first sign in to your Strike Graph portal, you can immediately see how beautifully everything is setup. Easy to understand and follow along. The controls section links seamlessly with the evidence section, giving you quick access to everyting you are going to need. Strike Graph also supplies templates that are simple to work with and update.

The best part of Strike Graph though is the team behind it. I had the pleasure of working with two Customer Success team members and they were both amazing. Lisa Ash, in particular, made the process so much easier than i thought it was going to be. When i started our company's SOC certification journey...it was daunting to say the least. Lisa expertly guided me on what to focus on, what was necessary, and the best way to work my way forward. Our company wouldn't be SOC certified now if it wasn't for Lisa's above-and-beyond support. I can't thank her enough! Review collected by and hosted on G2.com.

I cannot think of one thing that was "bad" or "off" about Strike Graph. Highly recommend the service. Review collected by and hosted on G2.com.

Having all my reminders centralized in one place, like the Compliance Dashboard, has made it much easier to stay organized and keep track of everything. I really appreciate being able to upload all common file formats using drag and drop. The ability to assign issues to specific users is extremely useful, and the email notifications about expiring evidence are a great help. Thank you for making SOC2 compliance so much less time-consuming. Review collected by and hosted on G2.com.

I've encountered some difficulties when trying to set up automated evidence collection. However, I believe these issues are likely related to the security measures in place on our company's intranet. Review collected by and hosted on G2.com.

What I like best about Strikegraph is how seamlessly the platform brings both SOC 2 compliance and penetration testing together in one place. Having a unified solution saves our team significant time and reduces the complexity that usually comes with managing these processes separately. The user interface is intuitive, making it easy to track our progress and ensure all requirements are met. I’m particularly impressed with the depth of expertise the Strikegraph team brings—they offer clear, actionable guidance not just for SOC 2 but also for pen testing, making the entire compliance and security journey much more manageable and efficient. Review collected by and hosted on G2.com.

While our experience with Strikegraph has been overwhelmingly positive, one area for improvement might be further streamlining the integration of SOC 2 compliance tasks and penetration testing workflows. Initially, it required some effort to get our team fully up to speed on how both components—compliance and pen testing—fit together within the platform. Additional tailored onboarding resources or more detailed walkthroughs for managing both SOC 2 and penetration testing in parallel would be helpful. Nonetheless, the Strikegraph support team has always been responsive in addressing any questions or challenges we encountered. Review collected by and hosted on G2.com.

Strike Graph provides a structured and logical approach to compliance management. The way controls and evidence are connected makes it much easier to understand requirements and stay organized. The dashboard gives a clear view of progress, which helps our team prioritize effectively. Review collected by and hosted on G2.com.

Nothing significant. Any small questions we had were addressed quickly by their team. Review collected by and hosted on G2.com.

The Strike Graph platform is very intuitive and easy to use. Our reps walked us through every aspect of the platform, and explained the whole process of getting SOC2 certification. Even though it's overwhelming, their help documentation and extensive templates for every policy or compliance email you may need has made getting our documentation in order much faster than writing everything from scratch. Review collected by and hosted on G2.com.

It would be nice to have a bit more handholding, but honestly they have provided so many resources and online guidance that it's really unnecessary. And customer support is fantastic if you have a question. Review collected by and hosted on G2.com.

My colleagues at Medadept and I appreciate the personal attention the Strike Graph team offered through our two SOC 2 audit engagements in 2025. Review collected by and hosted on G2.com.

The online Strike Graph platform has a lot of moving parts that requires some learning time. Again, their personalized support was valuable in getting through the learning curve, Review collected by and hosted on G2.com.

The Strike Graph UI is very intuitive & user-friendly. Things like drag and drop make it very easy to load evidence. The policy templates were an AMAZING help. Review collected by and hosted on G2.com.

If you deactivate evidence for one control, it will deactivate for all controls. I believe this is a bug and can be improved upon for ease & user experience. Review collected by and hosted on G2.com.