Version 1.2 – October 2025
Prepared by: Dimitri Markov - CTO
Company: Strategy Overview LLC
Website: https://www.strategyoverview.com
Address: 925 Westchester Ave, Suite 100, White Plains, NY 10604
1. Company Overview
Founded in 2016, Strategy Overview emerged from a managed service provider’s need for better strategic planning and client communication tools. The result is a cloud-native SaaS platform that transforms manual IT strategy and QBR processes into automated, data-driven client experiences. Today, we serve MSPs and enterprise IT organizations globally, providing vCIO enablement, QBR automation, asset lifecycle management, and client engagement portals that enhance visibility, accountability, and business alignment.
2. Hosting & Infrastructure
Strategy Overview operates entirely within Microsoft Azure, leveraging its enterprise-grade infrastructure, compliance certifications, and security capabilities. Data is hosted across U.S. and EU Azure regions with geo-redundancy, multi-region failover, and compliance with SOC 1/2/3, ISO 27001, ISO 22301, and FedRAMP standards. Core components include Azure App Services, Azure SQL, Storage, Redis, Key Vault, Firewall, Defender for Cloud, and Azure Policy. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
3. Information Security Governance
Strategy Overview follows a defense-in-depth model aligned with SOC 2, ISO 27001, and NIST frameworks. Policies include an Information Security Policy (reviewed July 2025), Access Control Policy, Incident Response Plan (IRP), and Disaster Recovery & Business Continuity Plan. SOC 2 Type II certification is targeted within the next year.
4. Data Protection & Privacy
Customer data remains the exclusive property of the client and is never used for model training. HIPAA-aligned controls are in place, and BAAs can be signed upon request. Encryption at rest (AES-256) and in transit (TLS 1.2+) is enforced, with Azure Key Vault managing secret rotation. Access control is managed via Azure AD with MFA, RBAC, and audit logging.
5. Security Operations
Continuous monitoring is maintained through Azure Monitor and Defender for Cloud with SIEM integration. Vulnerability scanning, penetration tests, and automated CI/CD dependency checks are part of our lifecycle. Incident response is structured per NIST 800-61, with detection, containment, eradication, recovery, and post-incident review phases. Clients are notified within 72 hours of any confirmed incident.
6. Business Continuity & Disaster Recovery
Strategy Overview maintains ISO 22301-aligned DR and BCP programs leveraging Azure’s redundancy, automated backups, and site recovery. Annual tests are conducted each July with no recovery incidents in the past two years.
7. Compliance and Risk Management
Our controls align with SOC 2, ISO 27001, HIPAA, and NIST. We maintain cyber liability, E&O, and business insurance coverage. Annual risk assessments are conducted by executive leadership with continuous monitoring by our MSP partner.
8. Staff Security & Training
All staff and contractors undergo background checks and mandatory security and privacy training. All devices are encrypted, MDM-enforced, and follow least-privilege access models.
9. Third-Party Integrations
We integrate with trusted providers: SendGrid (email), Stripe (payments, PCI-DSS), Intercom (communications), Profitwell (analytics), Datadog (UI log monitoring – includes limited personal data such as customer emails, devices, and OS), and platform.openAI (used for the Ask Arya AI feature to analyze client asset data such as computers, servers, and other IT assets). Each vendor undergoes review for security and compliance posture.
10. Customer Assurance Statement
Strategy Overview is committed to maintaining confidentiality, integrity, and availability of customer data. We proactively align with industry standards, maintain transparency, and continually enhance our cybersecurity framework.

