Hear from Capitalize CTO Chris Phillips:

The challenge

Capitalize partners with other financial institutions to help customers move their retirement accounts from their employers such as 401ks to IRAs. Having SOC 2 compliance in placed helped facilitate the deals and demonstrated that Capitalize takes security and customer data seriously. In looking for a compliance solution, Capitalize was looking for a tool that could efficiently organize and map out the path to compliance.

Streamlining onboarding and vendor management

Capitalize had a strong focus on improving vendor management practices, emphasizing the need to maintain accurate records of documents, relationships, and contracts while also evaluating risk and value for the business. A key component of their strategy was ensuring comprehensive training for their staff, recognizing its significance in the overall process. With Thoropass’s due diligence solution, Capitalize experienced enhanced accessibility and organization, enabling them to easily determine their next steps with vendors and respond more effectively.

With a robust onboarding process and expert-led gap analysis, Thoropass was able to jumpstart Capitalize’s path to compliance. Within just two weeks, Capitalize were up and running with a customized program that tracked all the necessary aspects to achieve SOC 2. By partnering with Thoropass, Capitalize found it easier to manage compliance without compromising on other essential responsibilities.

The impact of a seamless audit experience

With Thoropass’s security audit experience, Capitalize experienced a significant reduction in the time needed to complete their audit. The team had full visibility into their audit’s progress, allowing effortless organization and prompt responses to their auditor’s questions—without ever leaving the platform. This enabled far more flexibility, enabling the Capitalize team to engage with the audit team at their own pace.

To build a truly comprehensive compliance program, it takes a village. Several solutions played a role in Capitalize’s compliance journey, all from AWS. These include services like:

  • GuardDuty
  • Cloudwatch
  • CloudTrail
  • Elastic Beanstalk
  • EC2
  • CloudFormation

Leveraging multiple AWS solutions allowed Capitlize to lower costs, innovate faster, and be more agile than it could be otherwise. According to Chris, utilizing Thoropass and AWS Cloud Services to achieve compliance:

  • Saved hours that would have been spent on technical diligence questionnaires.
  • Allowed them to punch above their weight and work with partners of greater size, scale, and tenure than they would have won us as an early-stage company.
  • Secure some large partners that came to fruition because of their focus and investment in compliance.

Featured Partner






Company size



United States