# Thoropass Reviews **Vendor:** Thoropass **Category:** [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance) **Average Rating:** 4.7/5.0 **Total Reviews:** 578 ## About Thoropass Thoropass is a modern compliance audit firm that helps organizations of all sizes build and prove trust with high-quality audits, expert guidance, and integrated security services. Combining deep auditor expertise with intuitive technology, Thoropass delivers a streamlined path to achieving and maintaining compliance with frameworks including SOC 1, SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST, GDPR, CMMC, Cyber Essentials, PCI DSS, and others. As a licensed CPA firm and CREST-accredited provider, Thoropass brings a level of credibility and rigor that scales from fast-growing startups to complex, regulated enterprises. Our auditors, security engineers, and compliance experts partner closely with customers to simplify evidence collection, reduce audit friction, and ensure results that stand up to regulator, partner, and customer scrutiny. Beyond audits, Thoropass supports the full trust-building lifecycle with penetration testing, risk assessment, access reviews, AI governance assessments, and questionnaire automation—helping teams unify compliance operations without relying on multiple vendors. Organizations choose Thoropass for our responsive expert support, consistent audit outcomes, and a service experience built for modern security and compliance teams. Thoropass is trusted by thousands of companies to prove compliance, strengthen security posture, and confidently meet the expectations of customers, auditors, and regulators. ## Thoropass Pros & Cons **What users like:** - Users highlight the **ease of use** of Thoropass, appreciating its intuitive layout and straightforward navigation. (115 reviews) - Users highlight the **excellent support** and user-friendly dashboard of Thoropass, enhancing their audit experience significantly. (108 reviews) - Users commend Thoropass for its **exceptional customer support** , enhancing the overall experience and project management effectiveness. (89 reviews) - Users commend Thoropass for its **robust integrations** , greatly enhancing their compliance processes across multiple cloud platforms. (70 reviews) - Users commend the **helpful and responsive team** at Thoropass, enhancing the overall user experience significantly. (54 reviews) - Users value the **time-saving integration capabilities** of Thoropass, streamlining compliance processes effectively and efficiently. (52 reviews) - Evidence Management (49 reviews) - Integrations (47 reviews) - Timely (47 reviews) - Intuitive (46 reviews) **What users dislike:** - Users find a **lack of clarity** in requirements, leading to confusion during compliance processes with Thoropass. (18 reviews) - Users experience **integration issues** , including unidirectional sync and occasional breaks requiring reauthentication, impacting efficiency. (17 reviews) - Users face **audit issues** such as document duplication and delays in receiving audit statements, affecting their overall experience. (15 reviews) - Users feel that Thoropass has significant **improvements needed** in design and flexibility compared to its competitors. (14 reviews) - Users find **limited integrations** with non-major software a challenge, requiring extra efforts to manage information. (14 reviews) - Difficult Learning (13 reviews) - Users find the **missing features** of Thoropass limiting, particularly regarding external integrations and custom monitors. (13 reviews) - Not Intuitive (13 reviews) - Difficult Initiation (12 reviews) - Users find the **learning curve** of Thoropass challenging, making adaptation to the platform time-consuming. (12 reviews) ## Thoropass Reviews ### 1. Centralizes Compliance Tasks Efficiently **Rating:** 5.0/5.0 stars **Reviewed by:** Monica . | Co-founder, Small-Business (50 or fewer emp.) **Reviewed Date:** March 19, 2025 **What do you like best about Thoropass?** I really like that Thoropass centralizes all the tasks, policies, and procedures into one place and notifies us on time when we need to take action. It's helpful that the entire team has access to contribute to creating or updating policies and procedures, and it keeps us on track with security controls, which benefits our company's tech infrastructure. The initial setup was pretty straightforward, though it took some time to customize with our company's specifics. **What do you dislike about Thoropass?** There were some glitches in the past related to menus overlapping information, but these were solved in a timely manner. One suggestion is related to the simplification (in terms of UX experience) of the tasks to be performed in one place, making it easier to take action. **What problems is Thoropass solving and how is that benefiting you?** Thoropass solves keeping security controls up to date and provides a framework for security audits. It centralizes tasks and policies, reduces manual work, and keeps us on track, enhancing our tech infrastructure's security. ### 2. Best compliance portal till date. **Rating:** 5.0/5.0 stars **Reviewed by:** Dushmanta s. | Quality Engineer Manager, Mid-Market (51-1000 emp.) **Reviewed Date:** April 03, 2025 **What do you like best about Thoropass?** Mostly the UI and Navigation modules. Ease of uploading documents and sharing comments with the CSM and auditors.During our compliance, we used to login frequently and we never faced any challenges. The customer support was Swift and our queries were clarified in no time. The integration module was so simple that any non technical person can also integrate different service provider with Thoropass without any support. the ease of implementation different compliance module and uploading supporting docs is super easy and convinient **What do you dislike about Thoropass?** As of now, we have been using it for around 3 years, We never faced any issues so far. **What problems is Thoropass solving and how is that benefiting you?** Its mainly helping us in achieving the compliance certification needed for our organisation. Also with the integrations its helping us to eradicate any issues with out CSP. Its send notifications to us whenever there is an issue with our CSP or if some configurations are not properly set. Instead of checking different instances, server of configuration, it helps us in monitoring everything at a single place. ### 3. Awesome attention to detail and support from Victoria and our main SOC 2 Auditor, Yeska. **Rating:** 5.0/5.0 stars **Reviewed by:** Andres V. | Compliance Analyst, Mid-Market (51-1000 emp.) **Reviewed Date:** August 06, 2025 **What do you like best about Thoropass?** As of now, it has been an awesome tool to get track of every single requirement on our Compliance roadmap and to take ownership on these processes. **What do you dislike about Thoropass?** Maybe not a dislike but a suggestion, that somehow it could be even more resourceful if the alerts can be connected to Slack-Asana natively. So we can have a more close follow-up on the notifications, not only by email-console. **What problems is Thoropass solving and how is that benefiting you?** As of now, our Compliance scope is getting broader and, under this situation, keeping compliant with all the applicable regulatory requirements is more valuable than ever in this ever-changing environment that we are living these days, so we need to keep up with our certifications as we expand. Thoropass has been a powerful ally for making this possible, the ease of use, the simplicity of the roadmaps to obtain the desired results and the comprehensive support and guidance is making our life way easier. ### 4. Thoropass: A Comprehensive, Intuitive Audit Platform with Exceptional Support **Rating:** 5.0/5.0 stars **Reviewed by:** Willis A. | evp and head of legal & compliance, Mid-Market (51-1000 emp.) **Reviewed Date:** February 26, 2026 **What do you like best about Thoropass?** 1. Comprehensive and TRUSTED by the business community one-stop solution that covers and provides: 1. comprehensive and detailed audit; 2. reports with certified badges, 3. an actual legally binding audit certification (no need to find another accounting audit firm to provide = HUGE BONUS!)l; and 4. ongoing support team (we use it). 2. Professional Account Managers stay on top of the process from the start to the finish, checking in along the way to keep all stakeholders on track and to meet deadlines. 3. A superior audit team that seems to be available almost 24/7 to answer questions in a very timely manner and is very smart. They all provided great tips and guidance when navigating the platform, the implementation process (straightforward), and a few integrations we had to accomplish very complicated tasks. 4. Great UI/UX design makes it intuitive and easy for senior managers like me to ensure all tasks are completed as they should be and on time by my team AND monitor the Thoropass audit & tech teams' support tickets. 5. Pricing is very fair given all you get (see #1 above). We negotiated a longer team deal covering more than 1 year and are very satisfied given what friends at other companies have paid. **What do you dislike about Thoropass?** 1. Not the most inexpensive solution in the marketplace. 2. The platform’s AI suggestions are sometimes "off", but welcome to the world of AI, and we always check anyway. 3. Duplicate document uploads during the audit process are frustrating, but they are foxing nd making better via AI tools we noticed at the end of process 4. Would be nice to simplify some navigation menus related to complex tasks, but too bad **What problems is Thoropass solving and how is that benefiting you?** 1. Trust in my company across our security, compliance, InfoSec, and legals environment and infrastructure provided clients the required information their InfoSec and procurements teams needed in order to collaborate with us. 2. Solves the complexity, high cost, and time-intensive nature of achieving security compliance (SOC 2, ISO 27001, and HIPAA) by combining automated evidence collection, AI-driven verification, and expert guidance and final evidence. 3. Saves our internal security, compliance, InfoSec hundreds of hours each quarter in replying to and answering RFP/RFI/other information questions. Our SOC 2 report(s), audit(s), and certification(s) accelerate completion rates 50-75% faster and results in overall lower costs even including the annual Thoropass cost. ### 5. Streamlined Compliance with User-Friendly Interface **Rating:** 4.5/5.0 stars **Reviewed by:** JP M. | Senior Manager of Operations, Mid-Market (51-1000 emp.) **Reviewed Date:** May 07, 2026 **What do you like best about Thoropass?** I use Thoropass for their compliance platform to manage SOC 1, SOC 2, and GDPR internally and they perform our annual SOC 1 Type 2 and SOC 2 Type 2 audits. I appreciate how their tooling helps streamline our security and compliance efforts, with dramatically better reporting and some data collections being automated. The ability to assign and delegate tasks in one platform is very helpful. I find the usability to be excellent; it's very easy to navigate and use, and I was able to onboard as our compliance lead very quickly. Audit evidence requests were much easier with it. It also pulls data from our other tools for automated evidence collection. The initial setup was trivial, which made understanding the SOC requirements easier. **What do you dislike about Thoropass?** I've hit some bumps with user access management and people management, and custom integrations would be awesome. Their questionnaire tooling is limited **What problems is Thoropass solving and how is that benefiting you?** I use Thoropass to streamline security and compliance efforts, make reporting better, automate data collection, and easily assign tasks. Audit evidence collection is much simpler too. ### 6. Outstanding Experience from Start to Finish **Rating:** 5.0/5.0 stars **Reviewed by:** Jason L. | Senior Security Engineer, Small-Business (50 or fewer emp.) **Reviewed Date:** January 09, 2026 **What do you like best about Thoropass?** I’ve worked with Thoropass twice for SOC 2—once at a previous company and again at my current company—and both experiences were excellent. The platform is easy to use, well-structured, and clearly shows what’s required, in progress, and audit-ready. Implementation is straightforward, even across organizations with different levels of security maturity. Thoropass really stands out in customer support—their team is responsive, knowledgeable, and great at turning SOC 2 requirements into practical, actionable steps. Feature-wise, Thoropass covers everything needed for SOC 2 in one place, including control management, evidence tracking, policies, vendor risk, and audit coordination. Overall, Thoropass makes SOC 2 far more manageable and repeatable. I’d highly recommend it to any company pursuing or maintaining SOC 2 compliance. **What do you dislike about Thoropass?** There’s very little to dislike overall. Some advanced features and reporting options may take a bit of time for first-time users to fully explore, but the learning curve is minor and well-supported by their customer success team. **What problems is Thoropass solving and how is that benefiting you?** Thoropass solves the complexity and operational overhead of SOC 2 by centralizing controls, evidence, policies, and audit workflows into a single, easy-to-use platform. It removes the need for spreadsheets, scattered documents, and manual tracking while providing clear guidance on what’s required. This has saved significant time, reduced audit stress, and made SOC 2 a repeatable, scalable process across multiple organizations. ### 7. Effortless Compliance Management with Customizable Templates **Rating:** 4.5/5.0 stars **Reviewed by:** Wei P. | Small-Business (50 or fewer emp.) **Reviewed Date:** February 23, 2026 **What do you like best about Thoropass?** I like that Thoropass features help manage all aspects of compliance for my company, including employee management, policies, training, and vendor management. I also appreciate the audit process transparency. The initial setup was very easy, and our CSM helped migrate all the needed assets from Tugboat Logic. Additionally, we can integrate Thoropass with a few of our tools for vendor management, and the price and platform features were reasons we switched from Tugboat Logic. **What do you dislike about Thoropass?** During the audit process, the evidence collection template could be customized for a SaaS product like ours. It would be better if the evidence collection template could be tailored to suit different types of workspaces. **What problems is Thoropass solving and how is that benefiting you?** Thoropass helps manage compliance frameworks for my company, including HIPAA asset management and audits. It supports comprehensive compliance processes like employee policies, training, and vendor management, ensuring audit process transparency. Thoropass also perform HIPAA assessment where other platforms only do record keeping. ### 8. Highly Communicative, Top Choice for Pentesting **Rating:** 4.5/5.0 stars **Reviewed by:** Amelia P. | Head of IT, Mid-Market (51-1000 emp.) **Reviewed Date:** August 22, 2025 **What do you like best about Thoropass?** I really appreciate Thoropass for their communicative approach, which makes it easy as a leader to know where in the process we are, solve doubts, or get extra information about the findings. They help coordinate the process better with all parties involved. I also like the 90-day unlimited retest after receiving the penetration testing report because it allows us to make code improvements on their findings and reassess whether the fix has the expected impact, which secures solution quality and ensures an effective hardening process. The initial setup was really easy too, thanks to the Thoropass team who provided technical requirements and how-to guides, along with frequent communication from the customer success team to ease any challenges. **What do you dislike about Thoropass?** I don't have anything in specific on my projects with Thoropass that I dislike. **What problems is Thoropass solving and how is that benefiting you?** Thoropass helps us meet partner agreement and ISO27001 requirements with graybox pentests. They're communicative, offering insights and process coordination. Their 90-day unlimited retest helps ensure effective fixes and solution quality. We switched from Orange Cybersecurity for better cost-reward balance and bundled offers. ### 9. Simplifies Audits with Reliable Support **Rating:** 5.0/5.0 stars **Reviewed by:** Creed M. **Reviewed Date:** February 10, 2026 **What do you like best about Thoropass?** I really liked the people I worked with, especially Ritu, who was amazing, and the auditors were all super understanding and helpful. They really helped us get to the right spot. The evidence request feature is something I use the most, and I spent a lot of my time working in it and commenting back and forth with the auditors. The setup of Thoropass was very easy. **What do you dislike about Thoropass?** The interface could maybe be a little bit more directed towards the audit experience. It's a little bit hard to get into all the evidence requests. Just from opening the application, but once you know how to do it, it's not too bad. It's just several clicks to get to it. But an audit, I would assume that that would be front and center. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is our system of record for auditing documents, keeping track of all documentation. It connects with many of our systems and helps manage administrative documentation for employees, doing a great job at keeping everything organized. ### 10. Automation Disappointment, Manual Work Still Needed **Rating:** 1.0/5.0 stars **Reviewed by:** Patrick J. **Reviewed Date:** February 10, 2026 **What do you like best about Thoropass?** I like that Thoropass started well with sales support, where we got the relevant team members on board, which was promising for relevant areas. The kickoff was relatively prompt, and the policies in general were of pretty good quality. **What do you dislike about Thoropass?** The main issue I have is with Thoropass's platform and evidence collection, which are extremely basic and manual. We were promised automated evidence collection, but it simply wasn't delivered. For companies undergoing ISO 27001 and SOC 2 type 2 certifications, the platform requires submitting identical evidence twice, wasting valuable time. It doesn't feel fit for purpose and we might have been oversold during the sales pitch with claims of automation and AI that are overstated. Additionally, ChatGPT provides faster and better responses in some areas compared to Thoropass tools, especially on the AI side, and even the team has confirmed not to rely on Thoropass's AI suggestions. **What problems is Thoropass solving and how is that benefiting you?** I use Thoropass to create policies, organize evidence, and automate submissions for ISO 27001 and SOC 2 certification, making it easier for a small team to handle without hiring consultants. It reduces time spent on simple tasks with coordinated evidence collection. ### 11. Comprehensive Compliance Support, Needs Report Enhancement **Rating:** 5.0/5.0 stars **Reviewed by:** Sabrina P. | Partner & Founder, Small-Business (50 or fewer emp.) **Reviewed Date:** March 05, 2026 **What do you like best about Thoropass?** I really like Thoropass for the personal assistance and the real-time value it provides. The platform walkthroughs and having auditors at my fingertips to ask questions are fantastic. I also appreciate the roadmap and the platform itself for helping with compliance and certification. The 1:1 conversations to understand the controls better and the breakdown of technical controls are hugely beneficial. Setting it up was easy, and I'd definitely use it again for other clients. **What do you dislike about Thoropass?** The report itself was generic - in which the selected tools my client uses were not within the sections - instead it was listed out in the first 2 sections. **What problems is Thoropass solving and how is that benefiting you?** Thoropass provides best practices, a checklist, and a roadmap for compliance and certifications. I appreciate the personal assistance, real-time value, and ability to converse 1:1 with auditors, helping understand and implement technical controls better. ### 12. Streamlined SOC 2 Compliance with Stellar Support **Rating:** 5.0/5.0 stars **Reviewed by:** Bruce F. | Small-Business (50 or fewer emp.) **Reviewed Date:** February 27, 2026 **What do you like best about Thoropass?** I appreciate Thoropass for its extremely well-thought-out and easy-to-follow process. They are always there through email and phone at every step of the way, offering communication that's both personal and professional. I also found their Roadmap very helpful as it allowed me to prepare all the necessary information before the audit, making the process very straightforward. The initial setup was extremely easy since they guided us through every step. **What do you dislike about Thoropass?** Their automated metrics have a few problems. They sometimes disconnect from the service and when they do you have to go to each metric and refresh it. It would be nice if all the metrics would refresh when a connection comes back up. **What problems is Thoropass solving and how is that benefiting you?** Using Thoropass, I can assure customers of our SOC 2 compliance; it also highlighted areas for process improvement, which benefits us internally and our customers. ### 13. With Thoropass it is simple and easy to monitor compliance **Rating:** 5.0/5.0 stars **Reviewed by:** Aaron G. | Director of Cloud Services, Small-Business (50 or fewer emp.) **Reviewed Date:** September 17, 2024 **What do you like best about Thoropass?** I like the way that Thoropass has an easy to use task based interface that you can easily see what you need to remedy in your cloud platforms to maintain your soc 2 compliance. It also has automated monitors that work with our azure environment to monitor the environment and if anything goes out of compliance it will immediately flag it and give you a task to remediate it. It was easy to implement and integrate with azure. So far the customer support has been great and I use it daily to make sure everything in azure is compliant. **What do you dislike about Thoropass?** In a couple of interfaces there are sections that require you to click twice but doesn't indicate it. Once you know though its not much of an issue. **What problems is Thoropass solving and how is that benefiting you?** We only use few features in Azure and insted of doing things like recommending additional products like defender does, it only makes sure what we use is compliant. ### 14. Effective Compliance Management with Room for Improvement **Rating:** 3.5/5.0 stars **Reviewed by:** Barak P. | SVP Product & Engineering, Mid-Market (51-1000 emp.) **Reviewed Date:** December 08, 2022 **What do you like best about Thoropass?** I really appreciate Thoropass for its excellent account management and the outstanding human support we receive. Our account manager provides exceptional service, ensuring smooth interaction and assistance, which significantly enhances our overall experience with the platform. In addition to this, the pen test team is truly exceptional, offering expert insights and reliable performance in conducting penetration tests. These aspects of Thoropass greatly contribute to our ability to streamline and manage our compliance efforts effectively, making our work processes more coherent and unified. **What do you dislike about Thoropass?** I find the actual platform for managing our compliance assets somewhat confusing, which complicates achieving my compliance objectives efficiently. Additionally, I encountered challenges during the initial setup, specifically issues integrating Thoropass with Gusto, which hindered a smooth onboarding process. **What problems is Thoropass solving and how is that benefiting you?** I use Thoropass to consolidate our compliance efforts and third-party pen tests, simplifying SOC2 & HIPAA compliance management. ### 15. User-Friendly Platform with Powerful Automation Features **Rating:** 4.5/5.0 stars **Reviewed by:** Ben R. | Head of Customer Success and Product Strategy, Small-Business (50 or fewer emp.) **Reviewed Date:** March 17, 2026 **What do you like best about Thoropass?** The platform is user-friendly and offers a lot of useful automation features. It is a great all in one location for compliance data. **What do you dislike about Thoropass?** Some questions took a while to get answered, which slowed the overall process. The system is very self-guided, and that can be challenging for users who are new to compliance activities and may need a bit more direction. **What problems is Thoropass solving and how is that benefiting you?** Our customers and prospective customers have security compliance requirements, and Thoropass makes the process of obtaining and maintaining those certifications much less painful. ### 16. ​Thoropass: A Project Manager's Essential Ally for ISO 27001 Compliance **Rating:** 4.0/5.0 stars **Reviewed by:** Nicolas B. | Project Manager & Solution Architect, Mid-Market (51-1000 emp.) **Reviewed Date:** August 21, 2025 **What do you like best about Thoropass?** As a Project Manager deeply embedded in the ISO 27001 compliance process, Thoropass has proven to be an invaluable and highly supportive partner. What I particularly appreciate is its comprehensive approach to guiding us through the complexities of information security management. The platform’s ability to centralize documentation, track progress, and provide clear insights into our compliance posture has significantly streamlined what could otherwise be an overwhelming undertaking. The automated reminders and integrated task management features ensure we stay on track, and the readily available support resources have been instrumental in clarifying specific requirements, ultimately making the entire journey towards ISO 27001 certification much more manageable and efficient. **What do you dislike about Thoropass?** ​While Thoropass generally excels in its support for compliance, there are areas where the user experience could be refined. I've occasionally found the tool to be a bit slow, which can disrupt workflow during critical phases. Furthermore, there are instances where defining what is precisely necessary for certain controls isn't as straightforward as it could be, requiring a bit more effort to interpret. Optimizing the user experience to be even more intuitive and simplifying the navigation for complex tasks would greatly enhance the overall efficiency and user satisfaction, especially when dealing with tight deadlines and intricate compliance requirements. But these are just details and my own personal considerations. Overall the tool is great and a great support to whoever is working on complicance related processes. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is significantly assisting me in my role as a Project Manager responsible for ISO 27001 compliance by providing an all-in-one platform that automates and streamlines the complex process. It acts as a central hub for managing documentation, tracking progress, and understanding our compliance posture, effectively reducing the manual effort typically associated with ISO 27001. The platform's expert guidance, combined with automated evidence collection and continuous monitoring, is making the journey to certification far more efficient and manageable, enabling us to confidently navigate the intricacies of information security management. ### 17. Thoropass makes compliance possible for us **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** November 29, 2022 **What do you like best about Thoropass?** The best part about Thoropass is the dedicated security architect role; we've only had good experiences working with Thoropass's team members, and the architect has been a keystone for us when trying to navigate the compliance landscape. Their expertise allowed us to make intelligent decisions around how we approach each control in line with our existing policies and procedures. It's been three years since we started leveraging Thoropass and they've helped immensely! **What do you dislike about Thoropass?** Nothing majorly stands out as an issue with using Thoropass. I'll mention we've had hiccups around the in-browser document editor occasionally crashing, but due to the cloud-based nature of Thoropass, no work was ever lost from this. **What problems is Thoropass solving and how is that benefiting you?** Thoropass significantly lowered our barrier to entry on SOC2 compliance, answering our questions and bringing us up to speed on controls, generating a tremendous amount of documentation (basically overnight!), and helping us keep it all organized. ### 18. A Game-Changer for Compliance Management! **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.) **Reviewed Date:** August 20, 2024 **What do you like best about Thoropass?** Thoropass has completely transformed the way we handle compliance in our organization. Fharen, Jarad and the rest of the team has been so helpful. The platform is incredibly user-friendly and makes managing audits and certifications a breeze. What I love most is the seamless integration with our existing tools, which has saved us countless hours. If you're looking for a reliable compliance solution that actually makes your life easier, Thoropass is the way to go! **What do you dislike about Thoropass?** It's user-friendly once you get the hang of it and integrates well with our existing systems. The support team is generally helpful, but we've noticed some delays in response times during certain scenarios, which can be a bit frustrating when dealing with urgent issues. There’s also a bit of a learning curve at the beginning, especially for those not familiar with compliance software. Overall, it's a great tool, but be prepared to invest some time upfront. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is helping us streamline the process of achieving HIPAA compliance and SOC 2 certification. By providing a comprehensive compliance management platform, it has simplified tracking, documentation, and auditing, allowing us to stay on top of our regulatory requirements. This has greatly benefited our organization by reducing the complexity and time involved in maintaining compliance, ensuring that we can focus more on our core business operations while staying secure and compliant. ### 19. Seamless Audit Management and Integration **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Hospitality | Small-Business (50 or fewer emp.) **Reviewed Date:** May 13, 2024 **What do you like best about Thoropass?** I like that the audit process runs smoothly with Thoropass. It's great that the audit team is engaged from day one, which gives them a clear understanding of our business model. The initial setup was very easy, and I appreciate how Thoropass seamlessly integrates with our tech stack. **What do you dislike about Thoropass?** They need a live chat. **What problems is Thoropass solving and how is that benefiting you?** Thoropass helps me maintain a healthy control environment by managing evidence collection, vendor, and HR management. It smooths the audit process as the team understands our business model from day one. ### 20. Easy-to-Use Portal That’s Simple to Navigate **Rating:** 5.0/5.0 stars **Reviewed by:** Paul Sam S. | Director of Operation, Mid-Market (51-1000 emp.) **Reviewed Date:** February 19, 2026 **What do you like best about Thoropass?** Their portal is easy to navigate and simple to use. The features feel complete, and I often use them to support our processes, especially for new-hire onboarding and offboarding. The implementation was quick, which has made our workflow easier overall, particularly when it comes to tracking and reviewing access. **What do you dislike about Thoropass?** I encountered a minor bug before, but it was quickly addressed by our Customer Success Manager. **What problems is Thoropass solving and how is that benefiting you?** Thoropass overall is helping us become equipped with knowledge to ensure our business is secure from any threat ### 21. Breeze Compliance as a Service **Rating:** 5.0/5.0 stars **Reviewed by:** Lucas M. | DevOps Lead, Mid-Market (51-1000 emp.) **Reviewed Date:** September 30, 2025 **What do you like best about Thoropass?** The Cloud Monitors designed for SOC 2 not only made the compliance process much smoother, but also brought improvements to other areas such as infrastructure security and cost management. The entire process of preparing for SOC 2 was streamlined, and I especially appreciated that everything was automated, with clear instructions provided for resolving any issues detected by each monitor. The support we received from Patrick on the Thoropass team was truly exceptional. Because most controls are linked through monitors, and those monitors are connected via integrations, implementing the system in our company was incredibly straightforward. Once we set up the integrations, the platform automatically populated much of the necessary information, and many controls were completed without manual intervention. I also find it very convenient to log in to the Thoropass platform daily to see if there are any new tasks required to maintain compliance or to check for any regressions. Their platform makes it easy to stay on top of compliance requirements, even after achieving the initial certification. **What do you dislike about Thoropass?** The process of purchasing and managing payments through AWS Marketplace was somewhat cumbersome. I believe it might have been easier if we had used a different purchasing method. However, this issue was primarily due to AWS and not the fault of Thoropass. Thoropass itself is excellent! **What problems is Thoropass solving and how is that benefiting you?** Thoropass is a truly comprehensive platform for achieving and maintaining SOC 2 compliance. It streamlines critical processes like security training, vendor risk reviews, risk management, audits, and SOC 2 control implementation. On top of that, it supports penetration testing and other essential compliance tasks. With Thoropass, companies not only simplify their compliance journey but also build greater reliability and trust with their customers. ### 22. Very helpful in reaching SOC 2 Compliance! **Rating:** 3.5/5.0 stars **Reviewed by:** Kathryn O. | COO, Small-Business (50 or fewer emp.) **Reviewed Date:** October 07, 2025 **What do you like best about Thoropass?** We love the team at Thoropass and their help in getting us SOC 2 certified! They answered all of our questions promptly and it was really helpful having access to their knowledge throughout this process. The portal allowed us to save down everything that was needed for the audit and easily & transparently see everything we'd already saved down. It kept our team organized and driving towards our main goal. **What do you dislike about Thoropass?** I didn't love the fact that you have to upload documents effectively twice (once during the preparation phase and a second time during the audit phase). I wish the documents that I previously uploaded would have remained so that I didn't have to duplicate my work. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is helping us get SOC 2 Type 1 and SOC 2 Type 2 certified. We've never done it before and they've laid out all of the steps for us. ### 23. Takes the guesswork out of SOC 2 Compliance **Rating:** 4.5/5.0 stars **Reviewed by:** Alexander S. | Principal Technical Program Manager, Small-Business (50 or fewer emp.) **Reviewed Date:** November 16, 2023 **What do you like best about Thoropass?** Having both a caring and attentive account manager as well as reviewers made the whole annual SOC 2 compliance process easy to go through. What was originally met with anxiousness and angst turned into a good experience. Their site makes it easy to track the things that need to be updated, uploaded, and addressed for the review. It is also a good place to store vendor documentation and reminders for a monthly vulnerability scan as well as quarterly risk assessment. While not on the top of mind for a compnay constantly developing new features and delighting customers, compliance like this is critical and Thoropass makes it easy to do so. We have used Thoropass for 3 cycles now and it's gotten better over time. The speed to finish, clarity to evidence requests, and overall communication has increased. Their integrations with AWS, their own monitors, makes it all easier to use. **What do you dislike about Thoropass?** Sometimes the turnaround time when the cycle kicks off feels gray. While the team schedules specific dates on when we will do a walkthrough, review, as well as when to expect reports (draft, final), it's unclear if progress is being made. There's nothing in the audit module that shows you "hey, we've looked / we're looking at this ER-XX". You're never sure if it's being actively worked on, so sometimes it feels surprising when you get a slew of messages. **What problems is Thoropass solving and how is that benefiting you?** They make auditing and compliance easier to implement, track, and check. It's nice to have all of it in one place and to know that it produces industry standard documentation and reviews. ### 24. Effortlessly Passed Soc 2 with Thoropass **Rating:** 5.0/5.0 stars **Reviewed by:** Conor O. **Reviewed Date:** December 02, 2025 **What do you like best about Thoropass?** I find Thoropass incredibly helpful because it assisted us in passing the SOC 2 Type 1 audit, which shows its effectiveness in compliance management. I particularly appreciate the platform’s ease of use, which stems from its simple layout. Everything on Thoropass just makes sense; all sections are readily accessible on the left navigation bar. The names of these sections are intuitive, making navigation straightforward and efficient. This simplicity and logical organization enhance my overall experience, making my workflow smoother and more intuitive. Additionally, the support staff have been very helpful, contributing to a positive user experience by providing reliable assistance when needed. The initial setup of Thoropass was also very easy, which speaks to the platform’s user-friendly design, allowing us to get started quickly without any hassle. Overall, Thoropass provides an efficient, supportive platform for meeting compliance requirements, substantially aided by its thoughtful design and supportive customer service. **What do you dislike about Thoropass?** I think the pricing of Thoropass is a concern. Lowering the price in general would greatly help. **What problems is Thoropass solving and how is that benefiting you?** Thoropass simplifies SOC 2 compliance with an intuitive layout, making navigation effortless and improving team productivity. Their supportive staff enhances the experience. ### 25. Streamlined Compliance with Robust Integrations **Rating:** 4.5/5.0 stars **Reviewed by:** German A. | CTO **Reviewed Date:** December 15, 2025 **What do you like best about Thoropass?** I really like the integrations Thoropass offers. It has a lot of integrations, which is great for systems like ours that use different cloud providers. Connecting Thoropass with AWS was super helpful, covering about 40% of our SOC two compliance and saving us ten to twenty hours. **What do you dislike about Thoropass?** I think when you're doing multiple different compliance things, like ISO27000, HIPAA, and SOC 2, you may run into situations where the same control but with a slightly different approach has to be provided to different audit modules. And I think Thoropass could do a better job there at highlighting that as an opportunity for automating, so you don't have duplicate work. **What problems is Thoropass solving and how is that benefiting you?** Thoropass automates audit documentation and compliance for SOC 2, integrating with AWS to save us ten to twenty hours. It connects with our cloud providers and HR tools, easing compliance and control processes. ### 26. Easy to Use, Supportive Auditors, and a Terrific Pentest Team **Rating:** 4.0/5.0 stars **Reviewed by:** Zach C. | CEO, Small-Business (50 or fewer emp.) **Reviewed Date:** January 22, 2026 **What do you like best about Thoropass?** Relatively easy to use. Auditors are there to guide, not castigate. Pentest team is terrific and easy to work with too. Roadmap is super helpful. **What do you dislike about Thoropass?** Sometimes roadmap + audit ERs feel disconnected. E.g. lots of work to put them into the roadmap items, then re-populating them in ERs. AI review is not terrifically helpful - often misunderstands dates, etc. **What problems is Thoropass solving and how is that benefiting you?** Customer requirement to get SOC 2 PII Our requirement to do so at a good $ value and without having to become experts ### 27. Great tool to simplify our SOC 2 compliance journey and great support at every step **Rating:** 5.0/5.0 stars **Reviewed by:** Chantale S. | IT/Compliance Project Manager, Small-Business (50 or fewer emp.) **Reviewed Date:** June 03, 2024 **What do you like best about Thoropass?** Thoropass proved invaluable in simplifying our SOC 2 compliance journey. It offers a comprehensive range of tools to ensure we have implemented all necessary controls. The platform facilitated a smooth transition with its intuitive interface. The responsive support team provided prompt assistance at every step, enhancing our confidence in our data protection efforts. Overall, Thoropass exceeded our expectations and is an ideal choice for businesses aiming for compliance excellence. We highly recommend it to any organization seeking an effective SOC 2 compliance solution. **What do you dislike about Thoropass?** Does not support French. Hoping they will add multilanguage functionality in a near futur. **What problems is Thoropass solving and how is that benefiting you?** Thoropass addresses key challenges we faced in our journey towards compliance. Firstly, it provides a structured approach to understanding and implementing the multitude of controls required for compliance, which was crucial in ensuring we covered all necessary aspects. Additionally, the platform offers guidance and resources tailored to our specific compliance needs, streamlining the process and saving us valuable time. By centralizing compliance efforts within the platform, we were able to efficiently track our progress, identify any gaps, and make adjustments as needed to meet all compliance requirements. ### 28. A solid compliance management tool **Rating:** 4.5/5.0 stars **Reviewed by:** Oskari V. | Head of Engineering, Mid-Market (51-1000 emp.) **Reviewed Date:** September 02, 2025 **What do you like best about Thoropass?** Thoropass makes it easy to manage our compliance posture. The tool has improved significantly over the past few years, and the integrations have been particularly valuable in streamlining our audit processes and saving time. The audits are well-prepared and straightforward to complete, making the entire process much less cumbersome than traditional approaches. **What do you dislike about Thoropass?** Thoropass has added many new features over the past two years. Due to our busy schedules and existing workflows, we haven't had time to adopt these new tools. We're already set in our current ways of working, which makes it hard to transition to the new features. **What problems is Thoropass solving and how is that benefiting you?** Thoropass solves key challenges around SOC 2 audits, security controls management, and overall compliance. The platform streamlines our SOC 2 audit preparation by consolidating evidence collection, automating control monitoring, and providing clear audit trails. It helps us manage security controls year-round, tracking implementation and collecting evidence continuously rather than scrambling during audit season. The main benefits include reduced audit preparation time, better visibility into compliance status, and proactive gap identification. The automation and integrations have freed our team to focus on strategic initiatives rather than manual compliance tasks. ### 29. Thoropass Guides You End-to-End to Certification with User-Friendly Support for SMB **Rating:** 4.5/5.0 stars **Reviewed by:** Maxime G. | Directeur de Comptes Majeurs & Développement des Affaires, Mid-Market (51-1000 emp.) **Reviewed Date:** January 13, 2026 **What do you like best about Thoropass?** Thoropass’s solution and support guide you all the way from the initial discovery phase through to final certification. They help at every step, provide solutions when needed, and the process is user-friendly even for non-technical users. **What do you dislike about Thoropass?** This isn’t specific to Thoropass, but the required proof is often odd and difficult to demonstrate. **What problems is Thoropass solving and how is that benefiting you?** Getting a SOC 2 certification for an SMB that is service-oriented in a non-IT environment means having to navigate between an MSP and third-party software, while keeping pricing affordable for an SMB. ### 30. Thoropass makes compliance easy to understand **Rating:** 5.0/5.0 stars **Reviewed by:** Greg B. | Financial Accountant / Project Manager, Small-Business (50 or fewer emp.) **Reviewed Date:** December 05, 2022 **What do you like best about Thoropass?** As a small business perusing SOC 2 compliance, the path to certification is daunting. Using Thoropass made the entire process understandable and doable as tasks were broken into small chunks and never felt overwhelming. Overall, the platform has a clean and had an easy-to-use design. The portal's design made it simple for our small compliance team to collaborate throughout the whole project, as we were all able to see each other's progress and questions. Our Customer Success Manager (CSM), did exactly what their job title says - they were committed to helping us achieve success throughout our SOC 2 journey! Throughout the entire time our Company has used Thoropass, we have a standing monthly call with our CSM. I have found these quick meetings to be very helpful to stay up-to-date on new features The required employee trainings were easy monitor from the project management's side and easy to use and complete for all of our employees. The ease of use incentivized our employees to complete in a timely matter, despite their busy schedule. We have been using Thoropass for over three years now, and I can attest that they are continually making positive updates to the user experience and additional ways to make it easier for the user to use. **What do you dislike about Thoropass?** This may be a positive aspect for others, but as someone with a small and fairly simple Company, the number of new features can seem overwhelming at times. **What problems is Thoropass solving and how is that benefiting you?** Thoropass has assisted us through the process of attaining our SOC 2 compliance certificate and with ongoing annual audits. This is a step that is paramount for the continued growth of our company. They have also assisted us in scheduling annual PenTests ### 31. All-in-One Audit Platform with Outstanding Support **Rating:** 5.0/5.0 stars **Reviewed by:** Michael B. | CEO, Small-Business (50 or fewer emp.) **Reviewed Date:** November 06, 2025 **What do you like best about Thoropass?** Thoropass combines readiness, evidence management, and auditor interaction in a single platform. This helps Roark maintain an organized audit trail, critical for a firm that documents every control, ticket, and policy for SOC 2 evidence. The ability to collaborate with the auditor directly in-platform reduces friction and prevents duplicative work. Thoropass’ account management (Patrick) and audit team (Alexandre) operate with professionalism, consistency, and responsiveness, qualities Roark mirrors in its client relationships. This shared service philosophy strengthens the partnership. **What do you dislike about Thoropass?** Roark provides thorough, version-controlled documentation, frequently including screenshots, test results, and links to change tickets. However, Thoropass’s evidence upload interface can feel restrictive; the limited tagging and metadata options make it challenging to organize evidence by audit year, department, or control type. The bulk upload and version replacement features are also somewhat unwieldy, which hampers Roark’s audit preparation process. Introducing a more file-system-like interface or deeper integration with SharePoint, NinjaOne or Halo PSA could help make Roark’s workflow more efficient. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is solving several operational, compliance, and coordination challenges that every maturing managed service provider faces, especially one like Roark Tech Services, where precision, documentation, and trust define the brand. Its value lies in converting what was once a labor-intensive, spreadsheet-driven process into a structured, auditable workflow that reinforces Roark’s credibility with regulators, clients, and auditors alike. ### 32. Easy and well supported SOC2 Audit **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.) **Reviewed Date:** April 09, 2024 **What do you like best about Thoropass?** In my role as the CTO of a small company, we started our SOCII Type 1 audit preparation with Thoropass, and the experience was smooth and positive. Our account manager was very supportive guiding us through the process of adjusting our internal procedures and collecting evidences. It was also easy to submit the evidences through the online portal and to get some quick feedback about them. **What do you dislike about Thoropass?** They are missing an easy way to categorize users and assign training to them based on that category. For instance, the "secure coding" training should be automatically assign to new employees if they are "developers", and ignored by others. **What problems is Thoropass solving and how is that benefiting you?** We used Thoropass to prepare for a SOCII audit. We were able to successfully go through our Type 1 audit, and then Type 2 ### 33. Thoropass Simpifies and Streamlines Compliance **Rating:** 5.0/5.0 stars **Reviewed by:** Julian M. | Chief Information Officer, Small-Business (50 or fewer emp.) **Reviewed Date:** August 19, 2025 **What do you like best about Thoropass?** Throughout our three years using Thoropass, we have always felt well supported by the team. Whether it was first learning the ropes as we obtained SOC2 Type I, migrating our primary cloud provider ahead of a SOC2 Type II audit, or facilitating a smooth penetration test, the team was always responsive and helpful. A special shout out to all of our auditors for their attention to detail when clarifying evidence request requirements. On the software side, the platform is organized and feature rich, allowing our team to quickly obtain the status of controls, which frameworks they align with, and delegate tasks. The ability to prematurely associate evidence with a control ahead of an audit is invaluable to staying organized. The built in risk register, vendor review, and access review components of the platform are well designed and powerful time savers. **What do you dislike about Thoropass?** One feature that would help our team but is currently lacking would be the ability to define custom monitors. **What problems is Thoropass solving and how is that benefiting you?** Thoropass streamlines our security audits and penetration tests, which are strict requirements for our customers. ### 34. Thoropass Software Review: Compliance Simplified **Rating:** 5.0/5.0 stars **Reviewed by:** Juan Carlos T. | Software Engineer manager, Small-Business (50 or fewer emp.) **Reviewed Date:** August 19, 2025 **What do you like best about Thoropass?** What I like best about Thoropass is how it simplifies and operationalizes complex compliance processes like SOC 2, ISO 27001, and HIPAA. The platform integrates seamlessly with our cloud infrastructure (AWS), version control systems (like GitHub), and ticketing tools, enabling automated evidence collection and real-time visibility into our audit readiness. **What do you dislike about Thoropass?** While Thoropass is a powerful platform, there are a few areas with room for improvement. The UI can sometimes feel a bit cluttered, especially when navigating large sets of controls or evidence items—this can slow down workflows for engineers who want to move quickly. Additionally, some of the integrations, while helpful, occasionally require manual tweaking or don't capture edge-case scenarios automatically. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is solving the problem of fragmented, manual, and time-consuming compliance processes. Before using Thoropass, tracking audit controls, collecting evidence, and preparing for frameworks like SOC 2 or ISO 27001 required a lot of coordination across teams and systems ### 35. User-Friendly Audit Management with Some Integration Hiccups **Rating:** 4.5/5.0 stars **Reviewed by:** Todd C. **Reviewed Date:** December 22, 2025 **What do you like best about Thoropass?** I like Thoropass's easy interface as it's straightforward to use. The dashboard makes it simple to check the status of various audits. It's also user-friendly enough to bring new users up to speed, which helps integrate them into the system quickly, adding value to our audit management. The initial setup was smooth, and our customer service manager, Grayson, was excellent, which also positively influenced our experience. **What do you dislike about Thoropass?** Some of the integrations for user reviews appear to have challenges and fail from time to time. Often some of the integrations with third-party platforms give false positives of issues. **What problems is Thoropass solving and how is that benefiting you?** I use Thoropass for managing audit frameworks like SOC2 and GDPR. Its easy interface facilitates integrating new users, enhancing audit management value. The dashboard offers straightforward audit status tracking. ### 36. Great experience using Thoropass for SOC2 compliance and penetration testing **Rating:** 4.5/5.0 stars **Reviewed by:** Basil V. | Chief Technology Officer and Chief Information Security Officer, Small-Business (50 or fewer emp.) **Reviewed Date:** August 17, 2025 **What do you like best about Thoropass?** The Thoropass platform for SOC2 compliance is quite robust and really helped with planning and tracking progress on SOC2 compliance items. The auditors seemed knowledgeable and were a pleasure to deal with, and Thoropass provides a lot of assistance in understanding the audit process. Thoropass penetration testing includes free retesting for 90 days which I haven't seen other pen testers offer and which I found quite valuable. Plus having the results available within the same platform (as the SOC2 compliance) was nice. **What do you dislike about Thoropass?** Transitioning from our SOC2 type 1 audit to our first type 2 audit with 6 month observation period didn't entirely match up with annually-scheduled compliance items. Strictly speaking our fault entirely, but maybe Thoropass could have provided clearer guidance for these scenarios. **What problems is Thoropass solving and how is that benefiting you?** Achieving SOC2 Type 2 security compliance, which is important to our customers and has also helped us improve our security & privacy posture which mitigates business risks. ### 37. Always there when we call **Rating:** 5.0/5.0 stars **Reviewed by:** Edward K. | Director of Operations, Small-Business (50 or fewer emp.) **Reviewed Date:** December 16, 2022 **What do you like best about Thoropass?** I am not a technologist and I don't know SOC 2 compliance issues at all. Laika has an easy to follow framework and other tools that make it more convenient to complete the required tasks on our way towards compliance. We don't have enough staff to allow us to put all of our attention on the SOC 2 process. Engaging the process with Laika allows me to complete the required tasks and also continue to operate our daily business obligations. **What do you dislike about Thoropass?** I haven't found any downside to working with Laika. All the necessary materials, resources and organization are right at hand. **What problems is Thoropass solving and how is that benefiting you?** Simple organization, where does one begin in this process? Laika organized our limited time and keeps us directed. Examples are available for us to use and adapt to our unique circumstances without spending the time we don't have to reinvent the wheel! And we needed the help too!! ### 38. Simplifying your Compliance Journey **Rating:** 5.0/5.0 stars **Reviewed by:** Sergiy P. | VP of Engineering, Mid-Market (51-1000 emp.) **Reviewed Date:** December 18, 2022 **What do you like best about Thoropass?** Thoropass framework provides a guided step-by-step pathway to achieving SOC/ISO 27001, GDPR compliance readiness aligned with your company's current state of information security. Thoropass assigns an account manager and a technology consultant to provide timely support during the compliance implementation process. Thoropass supplies security policy and procedures documentation templates that can be used as a head start or to validate your existing materials. Thoropass automates collection of evidence via its numerous 3rd party integrations. It streamlines security audit process as evidence, policies, and documentation are in a single location, which auditors can access directly through the platform. **What do you dislike about Thoropass?** It takes time to get accustomed to the documentation editing interface. While the number of integrations is decent and growing, it does not cover all key services that a typical enterprise would require. **What problems is Thoropass solving and how is that benefiting you?** Thoropass provides the framework and resources companies need to improve their security posture and achieve security compliance and certification within a predictable timeframe. ### 39. Thoropass and SOC2 process **Rating:** 5.0/5.0 stars **Reviewed by:** Nicole B. | Business Support Manager, Small-Business (50 or fewer emp.) **Reviewed Date:** August 15, 2025 **What do you like best about Thoropass?** When I was first tasked with completing our initial SOC2 audit, I have to admit I was intimidated since I had never done anything of the sort. Thoropass assured me from the beginning they would be there every step of the way and THEY WERE! When the next year came around, we were assigned a new rep, Jade. From the jump she was extremely resourceful, friendly, professional and CONSTANT. Jade has assisted with training and compliance and has been a very import resource for our company. Our check-in meetings are educational and we always leave with either learning something new, or given a "heads up" on things we may have missed. I know if we have a question, it's one email and we will get a response. Thank you Jade for everything you have done and continue to do for us! We are alerted via email to login to complete upcoming tasks, which is at least monthly, which is helpful to have the extra reminders. The integration with our controls is resourceful and the entire implementation was doable. The first year was hard because we didn't know what to expect but we couldn't manage our SOC2 certification without Thoropass. **What do you dislike about Thoropass?** I can't think of anything I dislike. The application is very well put together and the task tracking is great. Once you're trained, it's very easy to use. **What problems is Thoropass solving and how is that benefiting you?** We are now able to provide annual SOC2 certification reports to our customers and vendors, while keeping us compliant and safe. ### 40. Compliance made easy! **Rating:** 5.0/5.0 stars **Reviewed by:** Ivan Y. | Compliance Project Manager, Mid-Market (51-1000 emp.) **Reviewed Date:** May 17, 2024 **What do you like best about Thoropass?** Thoropass is very attentive to their customers. We have received more than a dozen features that were highly requested by us specifically. Customer service got even more personalised which is great both from care and staying on track perspective. We are in for a long run. **What do you dislike about Thoropass?** Thoropass is improving gradually compared to next year and nothing to report about as of now in terms of improvement. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is a core part of our daily operations. With their help, our audit season is much easier due to simplifying the preparation process. Thoropass has played a crucial part in preparation and walkthrough of our SOC2 Type and GDPR compliance, as well as ISO 27001 certiciation. In addition to audits, Thoropass has helped us automate security measures and internal audits, as well as provide a great platform for employee training to raise compliance awareness amongst staff. Finally, Thoropass plays an important part in vendor risk management, providing great templates and processes to make sure we select and mantain partnerships with the best vendors. ### 41. My experience with Thoropass **Rating:** 5.0/5.0 stars **Reviewed by:** Brandon D. | VP of Customer Success, Small-Business (50 or fewer emp.) **Reviewed Date:** September 17, 2025 **What do you like best about Thoropass?** Relationship - helping us through the process, especially with us being a new start-up business Customer support - immediately answering any questions we may have and frequent check-ins Ease of implementation - setting up was an easy process for us. **What do you dislike about Thoropass?** Getting access to the portal for some people, especially those who are non-tech savvy, requiring them to use an authenticator which they are not familiar with. Security Awareness training wasn't appealing nor interactive. Didn't feel it was beneficial as anyone can just speedily go through the slides without reading anything. **What problems is Thoropass solving and how is that benefiting you?** We work as a 3rd party with organizations that require us to ensure we are in compliance with their security requirements. Also as a start up, we needed to be able to make sure all security controls are developed and in place. ### 42. Out of caveman times and into the future! **Rating:** 5.0/5.0 stars **Reviewed by:** Jocelyn J. | Compliance Director, Small-Business (50 or fewer emp.) **Reviewed Date:** August 11, 2025 **What do you like best about Thoropass?** Thoropass truly moved our company into the future. Prior, we were still using an in-person firm that would take months of time to prepare for our SOC audit. With Thoropass, not only has their system been an absolute breeze, but it has saved us countless hours of time. By the time we were ready to undergo our SOC 2, everything had already been filled in and ready to go with all the systems we have integrated. It makes the process such a breeze! We love having a dedicated rep to help answer any questions we have at any point, they are always so friendly and helpful. **What do you dislike about Thoropass?** It's honestly hard to find a downside, because we love Thoropass so much! I believe we may have had one system that wasn't available to integrate when we initially signed up, but they are constantly improving their system to add additional integrations and make the process seamless and we now have everything integrated that we need. **What problems is Thoropass solving and how is that benefiting you?** Thoropass has saved us literal weeks of time on our SOC audit, their system is so seamless and after getting everything set up, it's almost like our SOC audit just completes itself. We used to have to spend months of prep time and a week or more of auditors being in-person, taking up immense time out of our schedules. It's been the biggest time saver! It's also helped us clean up our policies to be more streamlined and secure. ### 43. Really great partnership for security compliance **Rating:** 5.0/5.0 stars **Reviewed by:** Joe C. | Sr. Systems and Security Engineer, Mid-Market (51-1000 emp.) **Reviewed Date:** May 16, 2024 **What do you like best about Thoropass?** Been using Thoropass for over a year now. Really love the support and guidance throughout the whole process. Dedicated customer support rep has been great, they also have a SOC2 tuesdays webinar and that has also been really good. I also really like the connection between the customer support and audit team, multiple occasions where we weren't quite sure if that's what the auditor would want so they can ask the auditor directly. Other products don't have that luxury but thoropass has all that built in. Very nice. Been a great partner and the interface is really great to work with. **What do you dislike about Thoropass?** Everything can be improved and I think they listen to the customers to keep adding the most requested features. They have been rolling out new features like a trust center that pulls compliance data from their app. Also, just implemented AI within the app to determine if the evidence collected passes an AI test. I couldn't think of anything else that they need for me. Seems to have just the right amount of everything. **What problems is Thoropass solving and how is that benefiting you?** Thoropass is helping us achieve SOC2 BUT along the way, it is really cleaning up security processes and policies along the way. Having one cloud based interface to reference everything is great! I used a blogging tool before but this is much more streamlined. Prior to SOC2 work, was looking for a tool that would check my cloud enviroments for basic security issues. Most I found out there were very expensive and complex BUT Thoropass provides that functionality so that is also great to have! Makes our cloud enviroments much more secure. ### 44. Grateful for the guidance **Rating:** 5.0/5.0 stars **Reviewed by:** David S. | Chief Operating Officer, Small-Business (50 or fewer emp.) **Reviewed Date:** August 14, 2025 **What do you like best about Thoropass?** Thoropass guided our company through the process of becoming SOC 2 compliant and in preparing for our Type 2 Audit and we are grateful for the guidance. While our team members had prior SOC 2 experience, this was a first for the Company. We got prompt, accurate, and useful advice every time we needed it and this enabled us to easily implement policies and procedures that we developed or augmented for compliance. We use the thoropass frequently and so we are pleased that we are able to easily sign in and get to work. **What do you dislike about Thoropass?** The software interface is not as intuitive as we would like but Thoropass promptly responded to our questions and we now have functional ability to use the software. **What problems is Thoropass solving and how is that benefiting you?** IT Security is paramount for us and with Thoropass we are confident that we can deliver on our promises to our clients ### 45. A strong focus on compliance automation and audit management **Rating:** 3.5/5.0 stars **Reviewed by:** Mark E. | Security Compliance Manager, Mid-Market (51-1000 emp.) **Reviewed Date:** July 31, 2025 **What do you like best about Thoropass?** Structured Compliance Frameworks – Thoropass provides pre-mapped controls for SOC 2, ISO 27001, and other frameworks, significantly reducing time spent on manual control mapping and cross-referencing. Integrated Evidence Collection – The automated integrations with tools like AWS, Google Workspace, and HRIS systems streamline evidence gathering, helping maintain audit readiness year-round. Guided Audit Experience – The platform not only organizes compliance work but also connects directly with experienced auditors, ensuring a seamless transition from preparation to certification. Clear Task Management & Tracking – Its dashboard and workflow tools allow for easy assignment, monitoring, and closure of tasks, which keeps teams accountable and eliminates confusion. Responsive Support Team – Thoropass provides prompt, informed support and advisory guidance, which is invaluable when navigating complex compliance requirements. **What do you dislike about Thoropass?** Limited Customization for Unique Controls – While the platform covers major frameworks well, adding company-specific controls or tailoring workflows sometimes requires workarounds or external documentation. Occasional Integration Gaps – Some integrations (e.g., niche HRIS or ticketing systems) are not fully supported, which means certain evidence must still be uploaded manually. Reporting Limitations – Standard reports are functional but could benefit from more flexibility and export options for board-level or regulator presentations. Learning Curve for First-Time Users – Although intuitive once familiar, the platform’s terminology and structure can initially feel overwhelming to teams new to compliance automation. Audit Coordination Bottlenecks – Scheduling and coordination with auditors through the platform is efficient most of the time, but peak periods can result in slower response times. **What problems is Thoropass solving and how is that benefiting you?** Manual Compliance Burden – Thoropass automates evidence collection from systems like AWS, Google Workspace, and HR tools, removing the need for repetitive manual screenshots, exports, and spreadsheets. Benefit: Saves significant time for the compliance team and ensures evidence is always up to date. Audit Readiness Stress – Preparing for SOC 2 or ISO 27001 audits can be chaotic; Thoropass provides a structured framework, pre‑mapped controls, and direct auditor connections. Benefit: Audits become predictable and less disruptive to day‑to‑day operations. Task Ownership Confusion – In many organizations, compliance tasks fall through the cracks. Thoropass assigns, tracks, and monitors each task. Benefit: Everyone knows their responsibilities, deadlines are met, and accountability is maintained. Continuous Monitoring Gaps – Many companies only focus on compliance at audit time. Thoropass maintains integrations and automated checks year‑round. Benefit: The organization remains compliant continuously rather than scrambling once a year. ### 46. Thorough, Easy Tool That Helped Us Catch Issues Before the Pentest **Rating:** 5.0/5.0 stars **Reviewed by:** Chris T. | CTO, Small-Business (50 or fewer emp.) **Reviewed Date:** January 22, 2026 **What do you like best about Thoropass?** Very thorough and the tool made the process very easy. The account manager is very responsive and explained the entire process very well. With regards to the Pentest, the tool helped us identify a few issues ahead of the actual pentest, saving time for us and the pen-testers. **What do you dislike about Thoropass?** Some of our documentation tools are not yet supported by the tools. **What problems is Thoropass solving and how is that benefiting you?** SOC-2 compliance ### 47. Thoro-ly disappointed. Immature platform, missing basic functions, inflexible to use, slow to fix. **Rating:** 0.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** February 20, 2026 **What do you like best about Thoropass?** I like that you can (theoretically) have a functionaly GRC tool, auditors, and penetration testing in one package. **What do you dislike about Thoropass?** Thoropass is not even close to as good as its competitors Vanta, Sprinto, or Qalea. From the backend to the frontend, the platform is horribly designed and there is already so much technical debt, that it takes them half a year to fix small issues. **What problems is Thoropass solving and how is that benefiting you?** It is supposed to be helping us with compliance management and audits. It is doing that very poorly. ### 48. Thoropass is a great SOC2 Compliance Solution for our Fintech Business **Rating:** 5.0/5.0 stars **Reviewed by:** Kenny R. | Head of Operations, Small-Business (50 or fewer emp.) **Reviewed Date:** May 17, 2023 **What do you like best about Thoropass?** We adopted Thoropass to centralize our SOC compliance program and it paid off immediately. The platform made scoping, control mapping, and evidence collection straightforward — no more scattered spreadsheets or last-minute scramble before audits. Tasks and reminders keep owners accountable, the evidence repository is easy for auditors to navigate, and the papertrail for testing is clear and exportable. **What do you dislike about Thoropass?** Thoropass' original pen test partner was difficult to work with, but they have since mitigated this issue and their new in house pen test solution is much better. **What problems is Thoropass solving and how is that benefiting you?** Preparing for SOC 2 Type I → Type II, ongoing control evidence collection, auditor collaboration They have made the SOC 2 compliance process so easy and straightforward. They are an excellent value for the price and they will make the process so much easier than you ever thought possible. ### 49. Quick Audit Turnaround, Needs UI Improvement **Rating:** 3.5/5.0 stars **Reviewed by:** Alex S. **Reviewed Date:** February 05, 2026 **What do you like best about Thoropass?** I like that Thoropass is very easy to set up and is transparent in Slack. It's impressive that the audit was completed in just a few days. **What do you dislike about Thoropass?** The browser UI is confusing, with lots of windows and confusing designations between tasks and audit items. The initial setup was unclear because of the UI confusion. **What problems is Thoropass solving and how is that benefiting you?** Thoropass helps satisfy SOC II audit requirements and validate security measures. It's easy to set up, transparent in Slack, and completes audits in a few days. ### 50. Great Support. Mediocre UI/UX **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.) **Reviewed Date:** September 15, 2025 **What do you like best about Thoropass?** There overall customer support and account management has been great. The team has always been helpful with questions and they provide answers quickly. **What do you dislike about Thoropass?** The user experience of the Thoropass application could be designed better. It's lacking some features. It shows Tasks, but has no way to easily view past tasks completed and manage recurring tasks. It's more of a hack that our AM showed us. So trying to keep track of what tasks are due next month, next quarter, etc is difficult. It could be easily resolved with a Calendar and simple recurring task management. The initial sales process was rough. We were very close to ending conversations with our sales rep. Looking back at it, I think the sales rep just didn't have great industry experience and may have been green. The sales rep's responses just came off as very shady and misleading. We couldn't get a straight answer on cost. Eventually, we had it escalated to some one in management who was able to articulate the cost of the platform. **What problems is Thoropass solving and how is that benefiting you?** Thoropass allows us to adopt the compliance we need, quickly, to service our customers. ## Thoropass Discussions - [What is Laika used for?](https://www.g2.com/discussions/what-is-laika-used-for) - 1 comment - [View Thoropass pricing details and edition comparison](https://www.g2.com/products/thoropass/reviews?section=pricing&secure%5Bexpires_at%5D=2026-05-14+10%3A24%3A14+-0500&secure%5Bsession_id%5D=35eaf2e9-27e2-4659-a52e-bbd8b393edf8&secure%5Btoken%5D=10059d3ee56b5d70a442559c00a3b27612a744b4a3a972169a28ad92993f190e&format=llm_user) ## Thoropass Integrations - [ADP Workforce Now](https://www.g2.com/products/adp-workforce-now/reviews) - [Agentforce Service (formerly Salesforce Service Cloud)](https://www.g2.com/products/agentforce-service-formerly-salesforce-service-cloud/reviews) - [Amazon Aurora](https://www.g2.com/products/amazon-aurora/reviews) - [Amazon CloudFront](https://www.g2.com/products/amazon-cloudfront/reviews) - [Amazon DynamoDB](https://www.g2.com/products/amazon-web-services-aws-amazon-dynamodb/reviews) - [Amazon EC2](https://www.g2.com/products/amazon-ec2/reviews) - [Amazon Elastic Container Service (Amazon ECS)](https://www.g2.com/products/amazon-elastic-container-service-amazon-ecs/reviews) - [Amazon Elastic Kubernetes Service (Amazon EKS)](https://www.g2.com/products/amazon-elastic-kubernetes-service-amazon-eks/reviews) - [Amazon QuickSight](https://www.g2.com/products/amazon-quicksight/reviews) - [Amazon Redshift](https://www.g2.com/products/amazon-redshift/reviews) - [Amazon Relational Database Service (RDS)](https://www.g2.com/products/amazon-relational-database-service-rds/reviews) - [Amazon Simple Email Service (Amazon SES)](https://www.g2.com/products/amazon-simple-email-service-amazon-ses/reviews) - [Amazon Simple Storage Service (S3)](https://www.g2.com/products/amazon-simple-storage-service-s3/reviews) - [Amazon Virtual Private Cloud (Amazon VPC)](https://www.g2.com/products/amazon-virtual-private-cloud-amazon-vpc/reviews) - [AWS Amplify](https://www.g2.com/products/aws-amplify/reviews) - [AWS Auto Scaling](https://www.g2.com/products/aws-auto-scaling/reviews) - [AWS Batch](https://www.g2.com/products/aws-batch/reviews) - [AWS Cloud9](https://www.g2.com/products/aws-cloud9/reviews) - [AWS Cloud Development Kit (AWS CDK)](https://www.g2.com/products/aws-cloud-development-kit-aws-cdk/reviews) - [AWS CloudFormation](https://www.g2.com/products/aws-aws-cloudformation/reviews) - [AWS Elastic Beanstalk](https://www.g2.com/products/aws-elastic-beanstalk/reviews) - [AWS Fargate](https://www.g2.com/products/aws-fargate/reviews) - [AWS Glue](https://www.g2.com/products/aws-glue/reviews) - [AWS Identity and Access Management (IAM)](https://www.g2.com/products/aws-identity-and-access-management-iam/reviews) - [AWS Lambda](https://www.g2.com/products/aws-lambda/reviews) - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews) - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews) - [Azure Portal](https://www.g2.com/products/azure-portal/reviews) - [Azure SQL Database](https://www.g2.com/products/azure-sql-database/reviews) - [BambooHR](https://www.g2.com/products/bamboohr/reviews) - [Checkr](https://www.g2.com/products/checkr/reviews) - [Confluence](https://www.g2.com/products/confluence/reviews) - [Datadog](https://www.g2.com/products/datadog/reviews) - [DuploCloud](https://www.g2.com/products/duplocloud/reviews) - [E-Share](https://www.g2.com/products/e-share/reviews) - [GitHub](https://www.g2.com/products/github/reviews) - [GitHub Inc.](https://www.g2.com/products/github-inc/reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) - [Google Cloud CDN](https://www.g2.com/products/google-cloud-cdn/reviews) - [Google Cloud Console](https://www.g2.com/products/google-cloud-console/reviews) - [Google Cloud Foundation Toolkit](https://www.g2.com/products/google-cloud-foundation-toolkit/reviews) - [Google Cloud Identity & Access Management (IAM)](https://www.g2.com/products/google-cloud-identity-access-management-iam/reviews) - [Google Cloud Storage](https://www.g2.com/products/google-cloud-storage/reviews) - [Google Workspace](https://www.g2.com/products/google-workspace/reviews) - [Gusto](https://www.g2.com/products/gusto/reviews) - [HR Plus](https://www.g2.com/products/trinet-hr-plus/reviews) - [Jamf](https://www.g2.com/products/jamf/reviews) - [Jira](https://www.g2.com/products/jira/reviews) - [Justworks](https://www.g2.com/products/justworks/reviews) - [KnowBe4 Security Awareness Training](https://www.g2.com/products/knowbe4-security-awareness-training/reviews) - [Microsoft 365](https://www.g2.com/products/microsoft365/reviews) - [Microsoft Entra ID](https://www.g2.com/products/microsoft-entra-id/reviews) - [Microsoft Intune Enterprise Application Management](https://www.g2.com/products/microsoft-intune-enterprise-application-management/reviews) - [Okta](https://www.g2.com/products/okta/reviews) - [Rippling](https://www.g2.com/products/rippling/reviews) - [Slack](https://www.g2.com/products/slack/reviews) - [Supabase](https://www.g2.com/products/supabase-supabase/reviews) - [TriNet](https://www.g2.com/products/trinet/reviews) - [Vercel](https://www.g2.com/products/vercel/reviews) - [Zendesk Sunshine](https://www.g2.com/products/zendesk-sunshine/reviews) ## Thoropass Features **Security** - Compliance Monitoring - Data Loss Prevention - Cloud Gap Analytics **Functionality** - Customized Vendor Pages - Centralized Vendor Catalog - Questionnaire Templates - User Access Control **Generative AI** - AI Text Generation **Generative AI** - AI Text Summarization - AI Text Generation **Cloud Visibility** - Data Discovery - Cloud Registry - Cloud Gap Analytics **Compliance** - Governance - Data Governance - Sensitive Data Compliance **Risk assessment** - Risk Scoring - 4th Party Assessments - AI Monitoring **Workflows - Audit Management** - Audit Trail - Recommendations - Collaboration Tools - Integrations - Planning & Scheduling **Generative AI - Security Compliance** - Predictive Risk - Automated Documentation **Monitoring - IT Risk Management** - AI Monitoring **Security** - Data Security - Data loss Prevention - Security Auditing **Administration** - Policy Enforcement - Auditing - Workflow Management **Documentation - Audit Management** - Templates & Forms - Checklists **Generative AI - Vendor Security and Privacy Assessment** - Text Summarization - Text Generation **Agentic AI - IT Risk Management** - Autonomous Task Execution - Multi-step Planning **Identity** - SSO - Governance - User Analytics **Reporting & Analytics - Audit Management** - Dashboard - Audit Performance - Industry Compliance ## Top Thoropass Alternatives - [Vanta](https://www.g2.com/products/vanta/reviews) - 4.6/5.0 (2,404 reviews) - [Secureframe](https://www.g2.com/products/secureframe/reviews) - 4.7/5.0 (794 reviews) - [Sprinto](https://www.g2.com/products/sprinto-inc/reviews) - 4.8/5.0 (1,618 reviews)