Thoropass becomes the first infosec compliance solution to achieve ISO 42001 certification, ensuring secure and responsible AI use

Thoropass is now the only compliance and audit solution to be HITRUST i1 and ISO 42001 certified, protecting customers and their data

[October 23, 2024, New York] Thoropass, the leader in compliance automation and information security, has announced its achievement of the ISO 42001 certification, marking a significant step in its mission to set new benchmarks for information security and responsible AI governance. As it prepares to offer ISO 42001 to its customers, Thoropass now becomes the industry’s only vendor to operate its AI usage under the industry’s most up-to-date standards.

Leading the industry in ISO 42001 adoption

Matching its imminent offering of the security framework to customers, Thoropass has achieved certification to ISO 42001, a standard that provides a comprehensive framework for mitigating AI risks related to ethics, transparency, and security. Over the past year, Thoropass has been at the forefront of AI innovation and risk management, introducing platform enhancements like the GenAI-powered DDQs (Due Diligence Questionnaires) and services like AI Pentesting. But simply offering AI services to customers without also being compliant in ethical and secure use wasn’t enough for Thoropass.

According to Thoropass CISO Jay Trinckes, “We were integrating AI into our platform and wanted to ensure we built trust throughout this process. AI can introduce unique risks, and ISO 42001 provides a management system to handle those risks in a consistent and efficient manner. Our goal was to lead the way in responsible AI practices.”

Thoropass worked with Mastermind Assurance for its ISO 42001 audit. According to David Forman, CEO of Mastermind Assurance, the issuing certification body, “Thoropass’s teams were well-equipped to expand their management system to meet the requirements of ISO 42001. The audit process felt more like a recertification of the management system due to the company’s meticulous adherence to security and governance standards.”

Thoropass’s recent certification achievements are a testament to its leadership in the field. At this point, no other direct competitor has adopted AI technology and compliance to the extent that Thoropass has. The company has set the bar for responsible AI use, data security, and compliance across industries. As businesses face the evolving challenges of AI and information security, Thoropass is uniquely positioned to guide them toward a secure and compliant future.

Already the first to be HITRUST i1 certified

As with ISO 42001, Thoropass offers the HITRUST security framework while being compliant itself. Thoropass was already the first solution to both offer the HITRUST e1 framework and be compliant with it, and is now in a league of its own by offering and being compliant with HITRUST i1, a more robust framework for highly regulated industries like healthcare.

With the HITRUST i1 framework being a globally trusted standard for risk-based, information security certifications, this achievement not only reaffirms Thoropass’s commitment to safeguarding data, but also enhances its capacity to help customers meet their own compliance requirements in healthcare and other highly regulated industries.

“Achieving HITRUST i1 certification is another milestone in our mission to ensure comprehensive security across our platform,” said Jay Trinckes.

Thoropass worked with CyberCrest Compliance for its HITRUST i1 certification. The Thoropass platform, together with Thoropass itself being a HITRUST-approved External Assessor, helped facilitate a seamless HITRUST certification process. According to Arti Shala of CyberCrest Compliance, “As an External Assessor, it was a great experience working with an organization that was on top of its own control implementation using automation built into the Thoropass platform.”

With ISO 42001 and the HITRUST e1 and i1 certifications, Thoropass continues to lead the way in how infosec compliance solutions can–and must–demonstrate security best practices by example.

About Thoropass
Thoropass, previously known as Laika, focuses on facilitating infosec compliance processes for businesses, ensuring that regulatory adherence enhances rather than hinders operational progress. The organization integrates software solutions and direct services into its clients’ operational frameworks, aiming for seamless audit preparedness annually. With a team of in-house, independent auditors proficient in major compliance frameworks such as SOC 2, HITRUST, HIPAA, GDPR, PCI DSS, ISO 27001, and ISO 42001, among others, Thoropass conducts over 500 audits every year, with a commitment to supporting companies in maintaining high standards of compliance and security.

Media Contact
Chris Gerben