Thoropass leads automated infosec compliance solutions by becoming a QSAC for PCI payments

NEW YORK, NEW YORK, USA, January 24, 2024 /via

Thoropass, an industry leader in infosec compliance and audits, announces that it is now a Qualified Security Assessor Company (QSAC) for the ubiquitous payment compliance framework PCI DSS. As a QSAC, Thoropass becomes the only closed-loop solution that offers a third-party Report on Compliance (RoC), Attestation of Compliance (AoC), and Self Assessment Questionnaire (SAQ) in PCI. This latest offering further allows Thoropass to provide multi-framework compliance audits–like SOC 2, ISO 27001, and HITRUST–so that companies can achieve maximum compliance with minimum audits.

Any company that processes, stores, or transmits payments, and the user data accompanying those payments, will be aware of PCI DSS as the industry standard in compliance assurance. Thoropass’s approach to PCI audits aligns with its OrO Way, a unique blend of compliance software and in-house audits. Since its founding, Thoropass has provided a customer-first approach that gives clients expert guidance to minimize the complexities of compliance, AI-infused automation to streamline the process, and year-over-year compliance management to maintain continuous compliance. With the addition of PCI DSS, Thoropass customers can now leverage PCI compliance as a strategic differentiator.

“The fact that customers can use our single platform to automate their PCI audit preparation for RoC, AoC, and SAQ without dealing with additional external third parties is a game changer,” said Thoropass President and COO Eva Pittas. “PCI DSS is the gold standard in ensuring payment security, and by becoming a QSAC, our customers will benefit by unlocking new business avenues for growth, especially regarding the digital economy.”

Though PCI is industry agnostic, FinTech companies especially benefit from the coverage that the framework provides. As FinTechs scale and innovate, the security PCI gives to their stakeholders and partners is unmatched.

“With PCI DSS on top of its SOC 2 and ISO offerings, Thoropass is now even better positioned for FinTech companies to maintain their compliance without the need for third-party hand-off,” said Christopher Dawe, Managing Partner of Growth Equity Partners at J.P. Morgan Asset Management. “Thoropass’s OrO Way combines technology, service, and a verified third-party attestation of compliance in a seamless way. We’re pleased to see the continued momentum in the business.”

Though Thoropass has offered PCI auditing capabilities in the past, the designation to become a QSAC brings PCI audits alongside Thoropass’s other offerings for the first time. By combining automation technology and in-house services in one platform, Thoropass customers benefit from time and resource efficiencies and assurance and predictability in timelines and security.

“This is the product that I wish I had running my FinTech business a decade ago,” said Sam Li, Co-Founder and CEO of Thoropass. “Being able to manage and be assessed on PCI in one end-to-end software suite is a game changer for every FinTech company. We are so excited to bring this to market.”

Thoropass formally announces this offering by also promoting its educational resources, including blogs and webinars, that are free to current and prospective customers.

For more information about Thoropass and PCI DSS, visit

Share this post with your network: