Superior to Vanta/Drata, but still room for improvement
What do you like best about the product?
With Thoropass, you have hands-on help to get over the audit hump. The pre-provided reports are great if you've never had a SOC audit before, the testing coverage is broad and the team is extraordinarily helpful. You get the distinct feeling that these folks were auditors first, and software developers second, rather than the other way around.
We arrived having already established our procedures and controls from a traditional audit and had built our engineering processes around those controls. Some of them did not align with the default policies, so we worked with the team to adjust the controls to match, making sure the SOC standard was adhered to. This allowed us to stick with our original policy docs that our team was already trained around.
Further, the team continues to meet with you throughout the year so that the Type 2 audit is a breeze and virtually all the materials have been collected over the period already.
Major distinction from Vanta/Drata: they don't insert expensive systems into your AWS or Azure environment for continuous monitoring. I've heard those folks end up costing their customers a lot just in increased AWS costs.
Also, the price is exceptional.
What do you dislike about the product?
We ran into some issues with the actual auditors not wanting to find a policy in our documents because our documents weren't their default standard documents. The tool asks you to link the policy for the auditor to review and many times the auditor came back asking us to screenshot the exact place in the documents where the policy existed rather than reading it themselves. I would have preferred that they reviewed our documents thoroughly before asking for assistance.
What problems is the product solving and how is that benefiting you?
Helps us stay SOC compliant without a huge annual auditor headache.