Thoropass
ThoropassReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
557 reviews
from
External reviews are not included in the AWS star rating for the product.
Great team & great product! Couldn't have done it without them
What do you like best about the product?
Thoropass was a great asset to completing our SOC2 compliance. The team was knowledgeable and thorough. They helped us stay organized and meet our goals of completing our SOC2 Type 2 within a year. Thoropass made recommendations which helped out team new operational procedures in place, that we didn’t know we needed before. We are now more confident in the security for our team and customers.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
What do you dislike about the product?
Don’t really have anything glaring that I didn’t like but I do think some of the reminders in the platform itself are unreliable. For instance, I can’t really keep up with updating the dates every time we complete an action item.
What problems is the product solving and how is that benefiting you?
Thoropass assisted in our SOC2 compliance and completion
Decent application, but a less satisfying assessment
What do you like best about the product?
Certification data collection was relatively straightforward. Everything necessary to support a SOC2 assessment had its place in the application, and there was a framework in the application to lead users through data collection.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
What do you dislike about the product?
The application wasn't intuitive. Tasks and information were spread across a few parts of the application. Terminology was often incosistent or confusing. It was hard to find the things that needed to be done.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
What problems is the product solving and how is that benefiting you?
We expected Thoropass to quickly and easily lead us through the SOC2 process.
Great tool for Implementing SOC2 at Small Company
What do you like best about the product?
Easy to use tool but the most helpful is the great customer succes team. Always quick to respond and help us on our journey.
What do you dislike about the product?
Some of the monitors are lacking. Could be a bit more robust for action items.
What problems is the product solving and how is that benefiting you?
Thoropass helped us achieve our SOC2 Type 1 and we are actively working toward Type 2 now immediately following. The umbrella company makes it all very simple to schedule.
Essential Platform for Auditing and Compliance
What do you like best about the product?
The tooling is best in class, by a long way, and it's backed up by amazing support. It's so intuitive that no real training is needed, which made it super easy to implement. The integration with our Cloud Service Provider works seamlessly and really helps us visualise our compliance status. I check in on the Thoropass dashboard pretty much every day. The actual audit process itself is the most straightforward and pain-free that I've ever encountered.
What do you dislike about the product?
It's a minor point, but there does appear to be an underlying assumption that Thoropass customers are based in the United States, particularly when generating policies. This is not the case for us and did mean we had to perform some manual localisation in a few places.
What problems is the product solving and how is that benefiting you?
Thoropass has already helped us achieve SOC 2 Type 1 certification and is currently helping us to do the same with Type 2. It is extremely valuable to be able to demonstrate to our customers and potential customers that we meet these industry standards.
Takes the guesswork out of SOC 2 Compliance
What do you like best about the product?
Having both a caring and attentive account manager as well as reviewers made the whole annual SOC 2 compliance process easy to go through. What was originally met with anxiousness and angst turned into a good experience. Their site makes it easy to track the things that need to be updated, uploaded, and addressed for the review.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
We have used Thoropass for 3 cycles now and it's gotten better over time. The speed to finish, clarity to evidence requests, and overall communication has increased. Their integrations with AWS, their own monitors, makes it all easier to use.
It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so.
We have used Thoropass for 3 cycles now and it's gotten better over time. The speed to finish, clarity to evidence requests, and overall communication has increased. Their integrations with AWS, their own monitors, makes it all easier to use.
What do you dislike about the product?
Sometimes the turnaround time when the cycle kicks off feels gray. While the team schedules specific dates on when we will do a walkthrough, review, as well as when to expect reports (draft, final), it's unclear if progress is being made. There's nothing in the audit module that shows you "hey, we've looked / we're looking at this ER-XX". You're never sure if it's being actively worked on, so sometimes it feels surprising when you get a slew of messages.
What problems is the product solving and how is that benefiting you?
They make auditing and compliance easier to implement, track, and check. It's nice to have all of it in one place and to know that it produces industry standard documentation and reviews.
Great streamlined process to get your SOC compliance completed
What do you like best about the product?
SOC Compliance is a very intimitading task. We were hand held every step of the way. I worked with many of their specialists all who are excellent and patient. Ease of use, ease of implementation was on point and they were really competively priced compared to other solutions. What we liked about our experience is that the audit was included as part of the service!
What do you dislike about the product?
I do not have anything that we disliked. I would recommend them to everyone!
What problems is the product solving and how is that benefiting you?
We now can get through due diligence really fast with our potential clients due to the completed SOC compliance.
Only way to do a SOC2 Audit
What do you like best about the product?
The new Thoropass system is really so easy to use and I was able to get through the SOC2 Type1 Audit very efficiently.
It also helped tremendously to have a wonderful Account Rep and the rest of the support staff. I felt like they really understood our business and help guide us every step of the way.
Doing an audit such as this is extremely onerous and Thoropass made is managable.
It also helped tremendously to have a wonderful Account Rep and the rest of the support staff. I felt like they really understood our business and help guide us every step of the way.
Doing an audit such as this is extremely onerous and Thoropass made is managable.
What do you dislike about the product?
The original Leika software and documents were really hard to manage and I was about to give up. However, the new Thoropass process for both Security Policies and Employee Handbook made SOC2 Type1 achievable.
What problems is the product solving and how is that benefiting you?
By streamlining the process for SOC2 Type 1 I was able to get through the audit in a timely fashion.
Fantastic buying, customer success, and policy formation experience!
What do you like best about the product?
The support our team received from beginning to end in establishing our policies and procedures, working through integrative partners and penetration testing, and executing our final HIPAA report. Danny Hosek and Erin Conway were available, communicative, and provided clear direction, while also being incredibly relational and encouraging throughout the process.
What do you dislike about the product?
It was a LOT of policies and procedures at the beginning, but it was still pretty good timing as they synthesized and reduced a lot of their templates during onboarding.
What problems is the product solving and how is that benefiting you?
As a software in the behavioral health space, we needed a tool to organize and execute all things HIPAA compliance related. The provided us the techology, infrastructure, vendors list, and support to make that happen.
Smooth experience
What do you like best about the product?
One of the standout features of Thoropass is its intuitive and streamlined SOC2 compliance management dashboard.
What do you dislike about the product?
Depending on its pricing model, users may dislike Thoropass if they find it expensive, especially if it doesn't offer sufficient value for the price.
What problems is the product solving and how is that benefiting you?
Helping with building policies for SOC2. However lack of automation was an issue
A Beacon of Expertise in SOC 2 Certification!
What do you like best about the product?
Deep-rooted knowledge in SOC 2 Type 1 & 2 certification.
Seamless guidance through each certification step.
Transforms an arduous task into a manageable one.
Precise and timely in their processes.
Seamless guidance through each certification step.
Transforms an arduous task into a manageable one.
Precise and timely in their processes.
What do you dislike about the product?
Some initial complexities in the provided tools and dashboard.
What problems is the product solving and how is that benefiting you?
What problems is Thoropass solving?
Thoropass simplified the intricate process of achieving SOC 2 Type 1 & 2 certification.
They provided expertise in navigating the complexities of the certification process.
They ensured EZ Cloud not only obtained the certification but also understand its significance.
How is that benefiting you?
By partnering with Thoropass, the typically challenging and time-consuming certification process became manageable and streamlined.
Their deep-rooted knowledge instilled confidence, ensuring we're compliant with industry standards.
Their consultative approach educated and empowered our business, helping us better communicate the significance of SOC 2 certification to stakeholders.
The trust and credibility gained from achieving SOC 2 certification, with Thoropass's help, has lead to more business opportunities and greater stakeholder trust.
Thoropass simplified the intricate process of achieving SOC 2 Type 1 & 2 certification.
They provided expertise in navigating the complexities of the certification process.
They ensured EZ Cloud not only obtained the certification but also understand its significance.
How is that benefiting you?
By partnering with Thoropass, the typically challenging and time-consuming certification process became manageable and streamlined.
Their deep-rooted knowledge instilled confidence, ensuring we're compliant with industry standards.
Their consultative approach educated and empowered our business, helping us better communicate the significance of SOC 2 certification to stakeholders.
The trust and credibility gained from achieving SOC 2 certification, with Thoropass's help, has lead to more business opportunities and greater stakeholder trust.
showing 341 - 350