Strike Graph Reviews & Product Details

I appreciate the way Strike Graph tracks progress and shows what items need the most attention. This feature helps me see how practical completion is and understand where we stand, especially since there are so many items involved in an audit. The initial setup was good, and I find it valuable for obtaining a SOC II certification. Review collected by and hosted on G2.com.

I find it challenging to better see which outstanding items are applied to multiple controls. It only shows it as outstanding for one control instead of both, which makes it look like there’s more than one evidence needed when it’s really the same evidence for more than one control. Review collected by and hosted on G2.com.

I have been using Strike Graph for risk management and SOC2 Type1 and Type 2 Compliance for a couple of years, and it has been a great experience. I like the simplicity of the design and how compliance can be done effortlessly. The way document collection works is impressive, and I find it easy to track responsibility and timelines. It also provides a huge number of documents and all kinds of templates for our use. The support is awesome, with our account manager always being responsive and patient. Additionally, the initial setup was super easy, which was a big plus for our team. Review collected by and hosted on G2.com.

There are small things on the document automatic collection. We have it integrated with our SharePoint / OneDrive, but it could be more helpful if the function can be enhanced. I am hoping it can automatically collect all documents under one folder, not just limited to one file. Review collected by and hosted on G2.com.

The platform makes it easy to organize evidence items across a variety of certifications and frameworks. The examples and descriptions for each evidence item are clear, and most items include a link to a help page that explains what kinds of materials will satisfy the requirements for the control(s) that item is linked to. Being able to link a single evidence item to multiple controls also really helps reduce the overall workload.

Their example policies helped us take information that had been stored in a wide variety of places (and in people’s heads) and pare it down into a manageable set of documents that are easy for our employees to find and use.

Caroline did an excellent job helping us get set up in the beginning. She made what felt like a daunting process manageable, and her attitude was consistently bright.

Edit (1/29/26): The folks I’ve worked with over the last couple of years have all been great, and we really appreciate the insight they provide. Access to support is immediate: you can get solid answers from the browser help, and when you email them you receive a response quickly. The flexibility to organize evidence items according to controls that may span multiple frameworks makes things much easier to respond to client requests. The whole crew has made the audit process as easy and painless as they can.

I've been experimenting with the Security Questionnaire AI tool and it is surprisingly good. You still have a bit of work to do to double-check that the answers really do apply to the question, sometimes it will pull in a control that isn't exactly what the client question is about, but it has been able to identify a good number of solid answers to the questions. Review collected by and hosted on G2.com.

Nothing. The tool has been great and I can't say I ran into any trouble using it. Caroline took down some notes here and there about questions I had while entering information in, but none were show-stoppers and I honestly can't even remember most of what they were.

It would be nice to have an integration for Bitbucket through Atlassian since JIRA is available. I was also a bit bummed that the AWS integrations had to go through Cumulus, which we don't have. Review collected by and hosted on G2.com.

Periodic reminders about expiring evidence is very helpful for staying on top of what evidence needs to be refreshed, when, and how often.

Control- and evidence-assignment makes it simple for different users to look up what has been assigned to them, which controls have been fully/partially satisfied.

The web portal makes it easy to access things from multiple locations.

They've recently improved the interactivity of the website, which makes navigation and multi-tab management easier than it was previously. Review collected by and hosted on G2.com.

A lot of the documentation & examples are focused on AWS and particular products/services, which can make things difficult inexperienced users from organizations that use other options.

The difference between evidence owners & control owners can sometimes cause some confusion, since control owners aren't warned about linked evidence that's expiring - that would be a nice option, since control owners are the ones considered responsible for associated evidence, even if a particular evidence item is assigned to someone different. Review collected by and hosted on G2.com.

I found the compliance document templates extremely helpful in establishing a framework and creating policies that address the necessary controls. The system itself is very helpful in understanding what needs to be done to meet the compliance needs of various frameworks, and where there is potential overlap. Support is always prompt and helpful as well. Review collected by and hosted on G2.com.

These frameworks are still complex and while Strikegraph does a great job brining things together and making them consumable, support is still needed to unravel the complexities. I would appreciate a mechanism to prompt for updates to templates, new best practices, etc. for already established frameworks. Review collected by and hosted on G2.com.

The StrikeGraph customer success team was patient and integral in helping me get my compliance plan set up in the system. They were also great to talk through specific compliance challenges with, and they helped me figure out how to meet those requirements in a way that worked for our needs. Overall, the customer support and communication were fantastic. Review collected by and hosted on G2.com.

Like most other compliance platforms, it lacks tools to automate many of the tasks required for on-prem environments. It would be especially helpful to have better integration tools for System Center or VMware. Review collected by and hosted on G2.com.

They are very proactive and helpful with our team. Strike Graph is always there with us when we are having hard times regarding our evidence and controls. Review collected by and hosted on G2.com.

None that I can think of. Strike Graph is always active in helping us. Review collected by and hosted on G2.com.

I found Strike Graph simplifies the SOC2 compliance process, which is something we can't manage on our own. It definitely speeds up the process for us. I appreciate the quick, useful, and straightforward support their team provides, and their website is very good. I recommend Strike Graph for startups and growing companies needing SOC2 compliance, as having an internal compliance team can be too expensive and time-consuming. Everything worked smoothly for our compliance needs, and I'd rate the initial setup a 9 out of 10. I'm also likely to recommend Strike Graph to others, as I rate it a 9 on the recommendation scale. Review collected by and hosted on G2.com.

Some of the templates and forms could be slightly more customizable to fit unique workflows Review collected by and hosted on G2.com.

I really appreciate how Strike Graph simplifies and structures the entire compliance process. It breaks down complex frameworks into clear, actionable tasks, which helps teams easily understand their responsibilities. The centralized evidence management, real-time compliance tracking, and guided workflows significantly stand out as they reduce confusion and manual follow-ups. I also like the clean and intuitive interface that makes it easy for both technical and non-technical users to navigate. The platform does a great job of keeping everyone aligned without overwhelming the team, and the support provided throughout the compliance journey really makes the process feel more manageable. Additionally, Strike Graph fits well into our existing workflow by allowing us to integrate compliance management with the tools we already use, keeping compliance aligned with day-to-day work. Review collected by and hosted on G2.com.

While Strike Graph works well overall, there is a learning curve initially, especially for users who are new to compliance frameworks. Some workflows could be made more flexible to better fit different company processes, and having more in-app guidance or examples for certain controls would help speed up onboarding. Additionally, expanding integrations with more tools would further reduce manual effort and make the platform even more seamless. Review collected by and hosted on G2.com.

The platform is easy to use and makes it clear what is required to meet each control. I also appreciate being able to download and use templates when necessary, as this feature has saved me a significant amount of time. Recently, I have been able to use the questionnaire AI which is extremely helpful. Review collected by and hosted on G2.com.

I do feel that the reporting could be better. I do rely on it much because I do believe it is as accurate as it could be. Improvement is needed there. Review collected by and hosted on G2.com.