Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Great team, smooth process
What do you like best about the product?
Portal, process, ease of use, customer support
What do you dislike about the product?
Some glitches on the portal in uploading the evidences
What problems is the product solving and how is that benefiting you?
SoC 2
- Leave a Comment |
- Mark review as helpful
Thoropass Review: A True Asset for Compliance Beginners & Experts
What do you like best about the product?
As someone new to compliance, Thoropass has been invaluable. Their team excels at answering questions thoroughly and clearly, making complex topics accessible. Regular meetings with them are more than just check-ins; they're full of essential insights and guidance. Additionally, their comprehensive templates are a godsend, simplifying the compliance process significantly. In short, Thoropass is a fantastic partner for anyone navigating the compliance landscape.
What do you dislike about the product?
I have nothing negative to say about Thoropass
What problems is the product solving and how is that benefiting you?
Thoropass has been instrumental in simplifying our journey through complex healthcare SaaS compliance requirements, like SOC 2, HIPAA, and HITRUST. Their expertise not only clarifies these challenging processes but also ensures we adhere to the highest standards, significantly benefiting our operational efficiency and data security. Using Thoropass's system, we were able to easily transition through recent personell changes within our own company.
Perfect for our small startup
What do you like best about the product?
Lots of personal service. Biweekly meetings with the project manager and audit expert as you work through the tasks of developing policies and procedures to achieve compliance. We are a five-person company and we needed lots of advice developing policies and procedures appropriate to our size. We got it from these meetings. We completed our SOC-2 Type 1 audit perfectly.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
What do you dislike about the product?
I've got nothing at all to complain about.
What problems is the product solving and how is that benefiting you?
We required SOC-2 reports to engage with our customer base, who are public companies with their own compliance requirements.
Highly Recommend Thoropass
What do you like best about the product?
The Thoropass team has been extremely helpful, knowledgeable and very accomodating to work with. Wew have worked with them for the opast year and a half and we are extremely satisfied with the help and guidanc they have provided.
What do you dislike about the product?
Honestly we have not encounterted any issues to date with their product or services.
What problems is the product solving and how is that benefiting you?
They have helped us with our SOC 2 Certifications as well as HIPPA and PCI.
Great team & great product! Couldn't have done it without them
What do you like best about the product?
Thoropass was a great asset to completing our SOC2 compliance. The team was knowledgeable and thorough. They helped us stay organized and meet our goals of completing our SOC2 Type 2 within a year. Thoropass made recommendations which helped out team new operational procedures in place, that we didn’t know we needed before. We are now more confident in the security for our team and customers.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
What do you dislike about the product?
Don’t really have anything glaring that I didn’t like but I do think some of the reminders in the platform itself are unreliable. For instance, I can’t really keep up with updating the dates every time we complete an action item.
What problems is the product solving and how is that benefiting you?
Thoropass assisted in our SOC2 compliance and completion
Decent application, but a less satisfying assessment
What do you like best about the product?
Certification data collection was relatively straightforward. Everything necessary to support a SOC2 assessment had its place in the application, and there was a framework in the application to lead users through data collection.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
What do you dislike about the product?
The application wasn't intuitive. Tasks and information were spread across a few parts of the application. Terminology was often incosistent or confusing. It was hard to find the things that needed to be done.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
What problems is the product solving and how is that benefiting you?
We expected Thoropass to quickly and easily lead us through the SOC2 process.
Great tool for Implementing SOC2 at Small Company
What do you like best about the product?
Easy to use tool but the most helpful is the great customer succes team. Always quick to respond and help us on our journey.
What do you dislike about the product?
Some of the monitors are lacking. Could be a bit more robust for action items.
What problems is the product solving and how is that benefiting you?
Thoropass helped us achieve our SOC2 Type 1 and we are actively working toward Type 2 now immediately following. The umbrella company makes it all very simple to schedule.
Essential Platform for Auditing and Compliance
What do you like best about the product?
The tooling is best in class, by a long way, and it's backed up by amazing support. It's so intuitive that no real training is needed, which made it super easy to implement. The integration with our Cloud Service Provider works seamlessly and really helps us visualise our compliance status. I check in on the Thoropass dashboard pretty much every day. The actual audit process itself is the most straightforward and pain-free that I've ever encountered.
What do you dislike about the product?
It's a minor point, but there does appear to be an underlying assumption that Thoropass customers are based in the United States, particularly when generating policies. This is not the case for us and did mean we had to perform some manual localisation in a few places.
What problems is the product solving and how is that benefiting you?
Thoropass has already helped us achieve SOC 2 Type 1 certification and is currently helping us to do the same with Type 2. It is extremely valuable to be able to demonstrate to our customers and potential customers that we meet these industry standards.
Takes the guesswork out of SOC 2 Compliance
What do you like best about the product?
Having both a caring and attentive account manager as well as reviewers made the whole annual SOC 2 compliance process easy to go through. What was originally met with anxiousness and angst turned into a good experience. Their site makes it easy to track the things that need to be updated, uploaded, and addressed for the review.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
What do you dislike about the product?
Sometimes it's not clear what is acceptable in terms of "documentation" or "evidence" for the SOC 2 review. There are times when you have to interpret the spirit of what is being asked and every year the requirements aren't the same, meaning you can't do what you did last year and expect an automatic pass. While it makes sense that approvals evolve annually, there are delays in getting responses and it's understandably nervewracking to not know if what you submitted was "right" or "good enough".
While the site provides examples in text, having visual examples could prove to be even more helpful.
While the site provides examples in text, having visual examples could prove to be even more helpful.
What problems is the product solving and how is that benefiting you?
They make auditing and compliance easier to implement, track, and check. It's nice to have all of it in one place and to know that it produces industry standard documentation and reviews.
Great streamlined process to get your SOC compliance completed
What do you like best about the product?
SOC Compliance is a very intimitading task. We were hand held every step of the way. I worked with many of their specialists all who are excellent and patient. Ease of use, ease of implementation was on point and they were really competively priced compared to other solutions. What we liked about our experience is that the audit was included as part of the service!
What do you dislike about the product?
I do not have anything that we disliked. I would recommend them to everyone!
What problems is the product solving and how is that benefiting you?
We now can get through due diligence really fast with our potential clients due to the completed SOC compliance.
showing 151 - 160