Automate Your SOC2
Readiness Effort

Implementing policies and controls that conform with the AICPA Trust Principles can be a challenge. Making sure your organization is following your policies by testing controls regularly is even more daunting. Strunk’s Policy Manager and Controls Manager solutions were built to transform that process from ordeal to ordinary. We even provide template policies and controls if you don’t already have them. Let Strunk help make your next SOC 2 exam a breeze.

Schedule A Demo Today To Learn More…

Can’t Wait To Talk With Us? Give Us A Call At (877) 485-8808

SERVICE providers are often required to demonstrate they can be trusted to provide their services with a high degree of security, privacy, availability, integrity, and confidentiality, typically by providing the results of a System and Organization Controls (SOC2) report prepared by an independent CPA firm.

Dramatically Streamline Your SOC2 Audits

A SOC2 review can be disruptive as your organization scrambles to provide the auditors the detailed information they require collected from the typical patchwork of spreadsheets, word documents and PDFs that comprise many organizations control systems. StrunkAccess can dramatically streamline this exercise by organizing and automating your compliance process.

StrunkAccess will transform your annual SOC2 review from ordeal to ordinary. Your executive team, board—and you—will sleep better at night knowing your organization has a well-organized, streamlined, and thoroughly-documented compliance management program in place.

Automating Your Compliance Process

  1. Know Your Risks: For most service providers, the standard SOC2 framework identifies the risks your organization must address.
  2. Ensure Policies Mitigate Key Risks: Policy Manager lets you manage your policies in a cloud-hosted database, providing a single source of truth available to everyone who needs access. Policy Manager tracks changes to policies, with redline comparisons and controls over approval. Importantly, Policy Manager enables you to link individual policies and policy provisions back to specific SOC2 criteria, so you are sure you have them covered.
  3. Trust But Verify: Use Controls Manager to document your control procedures for testing policy compliance and recording test results. You can map your control procedures to your policies to make sure you have everything covered. You can map individual controls to multiple policies, since often one control addresses several policies.
  4. Prove It: StrunkAccess makes documenting your compliance process a snap because it organizes all your policies into a database; maps them to the SOC2 criteria or other frameworks; and also maps them to your control procedures and tests of those procedures. It becomes easy to document how your policies cover your risks and your controls ensure your organization is following its policies.

Compliance Commandments

  1. Know your risks
  2. Ensure policies mitigate key risks
  3. Trust, but verify
  4. Prove it

Testimonials

When I was Chief Risk Officer at a $750M bank, we implemented Strunk’s ERM Solution. It brought together all areas of the risk assessment process into one easy to use format and we eliminated the Excel spreadsheets. I highly recommend it for any size bank.

We adopted Strunk’s Policy Manager to centralize all policies and the related policy management functions into one system.  Everything is in one standard format, policy ownership and access is assigned and policy edits, approvals, employee and board review schedules are managed from one location.  Strunk was easy to work with throughout the project and was very open to adding enhancements to their program, adding value to our policy process.

Strunk’s Risk Manager program is a great product that makes the risk assessment process easy to manage and is proving to be very helpful to us.

Our policy and control structure is very complex, having both a broker/dealer and an investment advisory firm. Policy Manager allows us to easily organize a large volume of policies and maintain our control testing documentation all in one convenient place—a significant improvement over our previous process!

Strunk’s implementation of Risk Manager was excellent. Impressive software you all have developed.

Our implementation process was well organized and efficient. Our initial risk assessment template and policy upload were complete in only 8 weeks. The Strunk team was great and we look forward to using these tools!

GRC Software

Risk Assessor

Our family of risk assessment tools automate the complex task of documenting your organization’s current risk profile against relevant risk framework(s) like SOC2, HIPAA, or regulatory requirements.

Policy Manager

Organize your policies into a structured, hierarchical framework, with fine-grained ownership responsibilities, automated change logging, tight access controls and clear links to standards and controls.

Controls Manager

Use Controls Manager to document your procedures for testing policy compliance and recording the results of those tests. Use the calendar feature to schedule testing and to stay on top of your testing program.

Issues Manager

Effective issue and incident management is an important part of successful risk management. Issues Manager is a great tool for tracking issues and incidents, assigning responsibility, and tracking resolution.

Vendor Manager

Vendor Manager provides an automated, practical framework for deciding which vendors to assess in depth; creating online vendor surveys; and assessing residual risk.

Skills Manager

Employee knowledge is critical for policy compliance—if employees don’t know what your policies are, they will be following them only by chance. Skills Manager provides online tools to train your employees on policies and test their knowledge.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.