Thoropass
ThoropassReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
562 reviews
from
External reviews are not included in the AWS star rating for the product.
Thoropass Process & Independence
What do you like best about the product?
The Belong For Me likes having all our compliance needs in one platform. The ability to create, edit, collaborate, approve, monitor, and manage most of our governance controls from one platform is a game changer. I painfully spent more than a decade working with Excel files, SharePoint, Google Docs, etc, trying to manage this process with various teams.
Also, the account management team does a great job of helping our team stay on track with our timelines, answering product questions and getting answers to governance questions that we may have. Allie Farrell has done a fantastic job supporting our team.
Finally, having the same organization have an independent audit team and process is also very beneficial to coordinating the entire governance process. Their audit process is as rigorous as that of the elite audit firms I have used with other companies in the past.
Also, the account management team does a great job of helping our team stay on track with our timelines, answering product questions and getting answers to governance questions that we may have. Allie Farrell has done a fantastic job supporting our team.
Finally, having the same organization have an independent audit team and process is also very beneficial to coordinating the entire governance process. Their audit process is as rigorous as that of the elite audit firms I have used with other companies in the past.
What do you dislike about the product?
With a rapidly advancing software platform, trying to keep our team members up to speed with the software changes can be challenging at times. The Thoropass account management team and product webinars have made this process more manageable. Also, the new multi-framework functionality is making the usability of the platform much easier.
What problems is the product solving and how is that benefiting you?
As a SaaS company providing employee engagement-type solutions to Fortune 2000 companies, we know that governance and security controls are paramount to our company's success and trust. Over the past two years, we have utilized the Thoropass solution to create our entire compliance management program from scratch, including becoming SOC 2 Type 2 accredited. We are now moving forward with the GDPR and ISO 27001/2 utilizing the new Thoropass multiframework features. The ability to easily switch back and forth between frameworks makes the process much easier and faster.
Without a solution (software, support, and audit) like Thoropass, we could not have achieved our SOC 2 Type 2 goals in the timeframe mandated by our customers. In addition, we could not achieve GDPR or ISO 27001/2 compliance in the same calendar year if we did not have Thoropass as a solution provider.
Without a solution (software, support, and audit) like Thoropass, we could not have achieved our SOC 2 Type 2 goals in the timeframe mandated by our customers. In addition, we could not achieve GDPR or ISO 27001/2 compliance in the same calendar year if we did not have Thoropass as a solution provider.
Great team, smooth process
What do you like best about the product?
Portal, process, ease of use, customer support
What do you dislike about the product?
Some glitches on the portal in uploading the evidences
What problems is the product solving and how is that benefiting you?
SoC 2
Thoropass Review: A True Asset for Compliance Beginners & Experts
What do you like best about the product?
As someone new to compliance, Thoropass has been invaluable. Their team excels at answering questions thoroughly and clearly, making complex topics accessible. Regular meetings with them are more than just check-ins; they're full of essential insights and guidance. Additionally, their comprehensive templates are a godsend, simplifying the compliance process significantly. In short, Thoropass is a fantastic partner for anyone navigating the compliance landscape.
What do you dislike about the product?
I have nothing negative to say about Thoropass
What problems is the product solving and how is that benefiting you?
Thoropass has been instrumental in simplifying our journey through complex healthcare SaaS compliance requirements, like SOC 2, HIPAA, and HITRUST. Their expertise not only clarifies these challenging processes but also ensures we adhere to the highest standards, significantly benefiting our operational efficiency and data security. Using Thoropass's system, we were able to easily transition through recent personell changes within our own company.
Perfect for our small startup
What do you like best about the product?
Lots of personal service. Biweekly meetings with the project manager and audit expert as you work through the tasks of developing policies and procedures to achieve compliance. We are a five-person company and we needed lots of advice developing policies and procedures appropriate to our size. We got it from these meetings. We completed our SOC-2 Type 1 audit perfectly.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
What do you dislike about the product?
I've got nothing at all to complain about.
What problems is the product solving and how is that benefiting you?
We required SOC-2 reports to engage with our customer base, who are public companies with their own compliance requirements.
Highly Recommend Thoropass
What do you like best about the product?
The Thoropass team has been extremely helpful, knowledgeable and very accomodating to work with. Wew have worked with them for the opast year and a half and we are extremely satisfied with the help and guidanc they have provided.
What do you dislike about the product?
Honestly we have not encounterted any issues to date with their product or services.
What problems is the product solving and how is that benefiting you?
They have helped us with our SOC 2 Certifications as well as HIPPA and PCI.
Great team & great product! Couldn't have done it without them
What do you like best about the product?
Thoropass was a great asset to completing our SOC2 compliance. The team was knowledgeable and thorough. They helped us stay organized and meet our goals of completing our SOC2 Type 2 within a year. Thoropass made recommendations which helped out team new operational procedures in place, that we didn’t know we needed before. We are now more confident in the security for our team and customers.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
What do you dislike about the product?
Don’t really have anything glaring that I didn’t like but I do think some of the reminders in the platform itself are unreliable. For instance, I can’t really keep up with updating the dates every time we complete an action item.
What problems is the product solving and how is that benefiting you?
Thoropass assisted in our SOC2 compliance and completion
Decent application, but a less satisfying assessment
What do you like best about the product?
Certification data collection was relatively straightforward. Everything necessary to support a SOC2 assessment had its place in the application, and there was a framework in the application to lead users through data collection.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
What do you dislike about the product?
The application wasn't intuitive. Tasks and information were spread across a few parts of the application. Terminology was often incosistent or confusing. It was hard to find the things that needed to be done.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
What problems is the product solving and how is that benefiting you?
We expected Thoropass to quickly and easily lead us through the SOC2 process.
Great tool for Implementing SOC2 at Small Company
What do you like best about the product?
Easy to use tool but the most helpful is the great customer succes team. Always quick to respond and help us on our journey.
What do you dislike about the product?
Some of the monitors are lacking. Could be a bit more robust for action items.
What problems is the product solving and how is that benefiting you?
Thoropass helped us achieve our SOC2 Type 1 and we are actively working toward Type 2 now immediately following. The umbrella company makes it all very simple to schedule.
Essential Platform for Auditing and Compliance
What do you like best about the product?
The tooling is best in class, by a long way, and it's backed up by amazing support. It's so intuitive that no real training is needed, which made it super easy to implement. The integration with our Cloud Service Provider works seamlessly and really helps us visualise our compliance status. I check in on the Thoropass dashboard pretty much every day. The actual audit process itself is the most straightforward and pain-free that I've ever encountered.
What do you dislike about the product?
It's a minor point, but there does appear to be an underlying assumption that Thoropass customers are based in the United States, particularly when generating policies. This is not the case for us and did mean we had to perform some manual localisation in a few places.
What problems is the product solving and how is that benefiting you?
Thoropass has already helped us achieve SOC 2 Type 1 certification and is currently helping us to do the same with Type 2. It is extremely valuable to be able to demonstrate to our customers and potential customers that we meet these industry standards.
Takes the guesswork out of SOC 2 Compliance
What do you like best about the product?
Having both a caring and attentive account manager as well as reviewers made the whole annual SOC 2 compliance process easy to go through. What was originally met with anxiousness and angst turned into a good experience. Their site makes it easy to track the things that need to be updated, uploaded, and addressed for the review.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
We have used Thoropass for 3 cycles now and it's gotten better over time. The speed to finish, clarity to evidence requests, and overall communication has increased. Their integrations with AWS, their own monitors, makes it all easier to use.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
We have used Thoropass for 3 cycles now and it's gotten better over time. The speed to finish, clarity to evidence requests, and overall communication has increased. Their integrations with AWS, their own monitors, makes it all easier to use.
What do you dislike about the product?
Sometimes the turnaround time when the cycle kicks off feels gray. While the team schedules specific dates on when we will do a walkthrough, review, as well as when to expect reports (draft, final), it's unclear if progress is being made. There's nothing in the audit module that shows you "hey, we've looked / we're looking at this ER-XX". You're never sure if it's being actively worked on, so sometimes it feels surprising when you get a slew of messages.
What problems is the product solving and how is that benefiting you?
They make auditing and compliance easier to implement, track, and check. It's nice to have all of it in one place and to know that it produces industry standard documentation and reviews.
showing 341 - 350