Strike Graph Reviews & Product Details

The platform makes it easy to organize evidence items across a variety of certifications and frameworks. The examples and descriptions for each evidence item are clear, and most items include a link to a help page that explains what kinds of materials will satisfy the requirements for the control(s) that item is linked to. Being able to link a single evidence item to multiple controls also really helps reduce the overall workload.

Their example policies helped us take information that had been stored in a wide variety of places (and in people’s heads) and pare it down into a manageable set of documents that are easy for our employees to find and use.

Caroline did an excellent job helping us get set up in the beginning. She made what felt like a daunting process manageable, and her attitude was consistently bright.

Edit (1/29/26): The folks I’ve worked with over the last couple of years have all been great, and we really appreciate the insight they provide. Access to support is immediate: you can get solid answers from the browser help, and when you email them you receive a response quickly. The flexibility to organize evidence items according to controls that may span multiple frameworks makes things much easier to respond to client requests. The whole crew has made the audit process as easy and painless as they can.

I've been experimenting with the Security Questionnaire AI tool and it is surprisingly good. You still have a bit of work to do to double-check that the answers really do apply to the question, sometimes it will pull in a control that isn't exactly what the client question is about, but it has been able to identify a good number of solid answers to the questions. Review collected by and hosted on G2.com.

Nothing. The tool has been great and I can't say I ran into any trouble using it. Caroline took down some notes here and there about questions I had while entering information in, but none were show-stoppers and I honestly can't even remember most of what they were.

It would be nice to have an integration for Bitbucket through Atlassian since JIRA is available. I was also a bit bummed that the AWS integrations had to go through Cumulus, which we don't have. Review collected by and hosted on G2.com.

Periodic reminders about expiring evidence is very helpful for staying on top of what evidence needs to be refreshed, when, and how often.

Control- and evidence-assignment makes it simple for different users to look up what has been assigned to them, which controls have been fully/partially satisfied.

The web portal makes it easy to access things from multiple locations.

They've recently improved the interactivity of the website, which makes navigation and multi-tab management easier than it was previously. Review collected by and hosted on G2.com.

A lot of the documentation & examples are focused on AWS and particular products/services, which can make things difficult inexperienced users from organizations that use other options.

The difference between evidence owners & control owners can sometimes cause some confusion, since control owners aren't warned about linked evidence that's expiring - that would be a nice option, since control owners are the ones considered responsible for associated evidence, even if a particular evidence item is assigned to someone different. Review collected by and hosted on G2.com.

The StrikeGraph customer success team was patient and integral in helping me get my compliance plan set up in the system. They were also great to talk through specific compliance challenges with, and they helped me figure out how to meet those requirements in a way that worked for our needs. Overall, the customer support and communication were fantastic. Review collected by and hosted on G2.com.

Like most other compliance platforms, it lacks tools to automate many of the tasks required for on-prem environments. It would be especially helpful to have better integration tools for System Center or VMware. Review collected by and hosted on G2.com.

I found Strike Graph simplifies the SOC2 compliance process, which is something we can't manage on our own. It definitely speeds up the process for us. I appreciate the quick, useful, and straightforward support their team provides, and their website is very good. I recommend Strike Graph for startups and growing companies needing SOC2 compliance, as having an internal compliance team can be too expensive and time-consuming. Everything worked smoothly for our compliance needs, and I'd rate the initial setup a 9 out of 10. I'm also likely to recommend Strike Graph to others, as I rate it a 9 on the recommendation scale. Review collected by and hosted on G2.com.

Some of the templates and forms could be slightly more customizable to fit unique workflows Review collected by and hosted on G2.com.

I really appreciate how Strike Graph simplifies and structures the entire compliance process. It breaks down complex frameworks into clear, actionable tasks, which helps teams easily understand their responsibilities. The centralized evidence management, real-time compliance tracking, and guided workflows significantly stand out as they reduce confusion and manual follow-ups. I also like the clean and intuitive interface that makes it easy for both technical and non-technical users to navigate. The platform does a great job of keeping everyone aligned without overwhelming the team, and the support provided throughout the compliance journey really makes the process feel more manageable. Additionally, Strike Graph fits well into our existing workflow by allowing us to integrate compliance management with the tools we already use, keeping compliance aligned with day-to-day work. Review collected by and hosted on G2.com.

While Strike Graph works well overall, there is a learning curve initially, especially for users who are new to compliance frameworks. Some workflows could be made more flexible to better fit different company processes, and having more in-app guidance or examples for certain controls would help speed up onboarding. Additionally, expanding integrations with more tools would further reduce manual effort and make the platform even more seamless. Review collected by and hosted on G2.com.

The platform is easy to use and makes it clear what is required to meet each control. I also appreciate being able to download and use templates when necessary, as this feature has saved me a significant amount of time. Recently, I have been able to use the questionnaire AI which is extremely helpful. Review collected by and hosted on G2.com.

I do feel that the reporting could be better. I do rely on it much because I do believe it is as accurate as it could be. Improvement is needed there. Review collected by and hosted on G2.com.

Strike Graph is an Enterprise Governance, Risk, and Compliance (GRC) tool that has improved Sanmina's security compliance and risk management across 23 countries, multiple locations, and various frameworks. By centralizing operations and replacing manual tracking, it has significantly simplified compliance, enhanced security, and improved our risk matrix documentation. The platform effectively addresses complex Enterprise Content Management challenges and supports Cybersecurity Maturity Model Certification (CMMC) efforts, including Plans of Action and Milestones (POAMs) and System Security Plans (SSP). Furthermore, a successful pilot program has established Strike Graph as an outsourced Third-Party Risk Management (TPRM) solution, streamlining vendor assessments and compliance reporting.

The impact of Strike Graph is clearly demonstrated through five successful CMMC assessments, where it facilitated the organization and evaluation of over 600 artifacts of evidence at each plant. This has considerably boosted Sanmina's competitiveness for Department of Defense (DoD) contracts. Moving forward, Sanmina intends to explore additional applications, such as implementing custom risk assessments for all vendors. Review collected by and hosted on G2.com.

I don't have any strong dislikes; they are willing to meet with their customers and accept feedback to improve their product. Every request I have made has been added to their roadmap for a future release. Review collected by and hosted on G2.com.

While SOC 2 compliance takes a lot of work, Strike Graph eased our load by providing a easy-to-use system that organizes and reports on our data clearly so that it is easy to find outstanding tasks and to collaborate. The Strike Graph team is always helpful and quickly answered our questions. Topping this off, if we decide to add more compliance frameworks, the Strike Graph system can use our current answers to give us a head start.

We've also been using the new feature where we upload security compliance forms from our customers to get initial results filled in based on info we already have in Strike Graph. This feature saves a lot of time! Review collected by and hosted on G2.com.

We did not find any issues that the Strike Graph team was unable to help us understand. Review collected by and hosted on G2.com.

When you first sign in to your Strike Graph portal, you can immediately see how beautifully everything is setup. Easy to understand and follow along. The controls section links seamlessly with the evidence section, giving you quick access to everyting you are going to need. Strike Graph also supplies templates that are simple to work with and update.

The best part of Strike Graph though is the team behind it. I had the pleasure of working with two Customer Success team members and they were both amazing. Lisa Ash, in particular, made the process so much easier than i thought it was going to be. When i started our company's SOC certification journey...it was daunting to say the least. Lisa expertly guided me on what to focus on, what was necessary, and the best way to work my way forward. Our company wouldn't be SOC certified now if it wasn't for Lisa's above-and-beyond support. I can't thank her enough! Review collected by and hosted on G2.com.

I cannot think of one thing that was "bad" or "off" about Strike Graph. Highly recommend the service. Review collected by and hosted on G2.com.

CMMC has always felt vague to me. Strike Graph broke it down into simple, doable steps that were straightforward and easy to follow. Review collected by and hosted on G2.com.

I only needed CMMC Level 1, but I still had to sort through Level 2 controls because they were never successfully removed from my dashboard. Review collected by and hosted on G2.com.