Walking the Walk: Thoropass’s SOC 2 Type 1

December 2, 2020 Oro

Last quarter, our Compliance Architects set their sights on conquering SOC 2, but it wasn’t for a client. As a SaaS company working to protect our customers through compliance, we knew it was time to showcase our best practices to pass our SOC 2 Type 1. We are happy to announce that we passed our audit with flying colors!

We worked to accurately depict Thoropass’s (formerly Laika) secure operations throughout the SOC 2 process. The team used our platform and our audit partner to perform the audit.

Thoropass did have a leg up from the start. As a team that values security and privacy, our founders built information security practices into Thoropass’s SOC 2 compliance automation platform from day one. And we have a team of compliance experts who have been through countless SOC 2 audits.

Why Does Thoropass Need SOC 2?

First things first. While many businesses put off getting a SOC 2 until their clients demand it, our team knows the importance of getting ahead of the game. We’ve seen businesses wait until it’s too late, resulting in lost deals, painful sales cycles, and overall frustration, and we knew it was time to get certified. Our compliance architects understood the required commitment.

Ultimately, not having our SOC 2 impacts overall trust with our customers. In the wake of our Series A, we are extremely focused on growth, and a SOC 2 is critical for a high-growth start-up.

But it’s not only sales that pushed us to get certified. As our customers know, we have sensitive customer information on our platform. We wanted to show customers and prospects the credibility of our security measures to protect customers’ data.

How did Thoropass manage the SOC 2 Type 1 Process?

The team managed our SOC 2 just like we manage our clients’ processes. Our Head of Security and senior Compliance Architect, Dana, led the SOC 2 readiness process.
Of course, Dana had support from his team, our founders, and our operations team.

SOC 2 requires gathering evidence, from documentation to policies and procedures. That means taking screenshots of systems, uploading PDFs, and creating new policies. All of these pieces of evidence should form a complete story about how a business operates securely and what measures have been taken to protect information and data.

This process can be laborious and confusing, in part because all that evidence needs to be organized, applied to controls, and passed on to auditors. This is a long-winded way of saying, “This is why we created Thoropass.” And we’re thrilled that our platform works exactly the way we dreamed it would: by taking the headache out of compliance.

How did Thoropass tackle compliance tasks?

Methodically. We’re fortunate to have in-house compliance experts who can (almost) complete a SOC 2 in their sleep. But it did require organization, strategic decision-making, and project management. We’ll get into more specifics in later blog posts, so you can understand exactly how the experts do it for their own company.

Thoropass’s future compliance goals

Our SOC 2 Type 1 was a big step in the right direction. The team has set our sights on Type 2 in 2021. And with customers operating all over the world, our team is working to keep our corporate website and internal systems up to GDPR and CCPA privacy standards.

Compliance touches every employee at your company. For example, our team used the Thoropass platform to perform Security Awareness Training for each employee. Yes! Just another perk of the Thoropass platform: unlimited seats for any employee, Security Awareness Training included.

Thoropass continues to practice what we preach by building security and privacy into our operations and culture. Leveraging our own platform to manage compliance and audit workflows as we grow and scale helps us empathize with our customers even further.
We keep improving our product for the best possible compliance outcome every time.

If you’re staring down a SOC 2 certification, we’re here to help. Contact the team to let us know your needs and see if Thoropass is a fit for your business.