From compliance automation through audit, the Thoropass compliance delivery platform helps you get and stay compliant.
Modern audits delivered by expert auditors
Maintain compliance with real-time monitoring and alerts
Identify vulnerabilities with CREST-accredited pentest experts
Leverage AI for smarter compliance solutions
Streamline audits and improve accuracy with evidence automation
Simplify user reviews to enhance security
Automate responses to security questionnaires
Track and mitigate security risks in one place
Build trust with a professional, public-facing portal
Seamlessly connect your tools for streamlined compliance
Audits done the modern way. Leverage AI-powered compliance solutions with expert guidance for seamless, scalable audits.
From controls to audit, rapidly achieve infosec compliance with a single vendor
Manage your risk and streamline compliance
Meet your auditor on day 1 and eliminate any surprises
Discover proven compliance outcomes in the words of our customers.
Catch up on the latest industry trends and expert insights
Watch the latest webinar or meet us in person
Expert-curated resources for your compliance journey
A "true crime" styled podcast for anyone in the compliance industry
Actionable tools for your compliance journey
Implement audit-ready compliance solutions for friction-free infosec compliance outcomes.
Go beyond readiness with unmatched expertise
Stay updated with the latest Thoropass news and insights
Join the team that's reimagining compliance
Let's make compliance easier—together
We're committed to unbiased audits and superior service
Customer Stories / ELEKS
ELEKS is a global technology consulting company that provides custom software development, system integrations, data analytics, and cybersecurity solutions. With over 30 years in business, ELEKS has a long history building a robust security posture to meet the needs of its clients in multiple industries, including healthcare.
Andrew Park, Healthcare Technology Lead at ELEKS, recognized the need for HITRUST certification to compete in the US healthcare market. Increasingly, prospects were asking for HITRUST, and ELEKS had contractual obligations with several clients to get certified.
Andrew turned to Oleksandr Pluzhnikov, Head of Cybersecurity at ELEKS, to begin the process. Oleksandr and his team had previously achieved other certifications including SOC 2 Type II, ISO 9001, and ISO 27001 with the help of their existing compliance vendor, so as usual, they began working with the vendor to collect evidence for HITRUST.
Unfortunately, challenges related to scope definition and communication made the HITRUST audit process more complex than expected, requiring multiple attempts to align with certification requirements.
However, when the HITRUST e1 assessment was released, the ELEKS team decided to try again with a different vendor.
Andrew explained, “we saw e1 as an opportunity to gain entry into the HITRUST certification process without it being totally exhaustive and time-consuming.”
They were looking for a compliance partner with HITRUST expertise that would offer flexible, end-to-end support and an efficient workflow. After evaluating three vendors, Andrew, Oleksandr, and the team selected Thoropass to help them get the job done.
Oleksandr explained, “before we entered the agreement, our Thoropass representative spent a lot of time ensuring that we understood all the details and had a common vision. This alignment was key for us.”
Implementation was painless for the ELEKS team. Unlike their previous vendor, Thoropass’ customer support team provided transparent scoping and timelines from the beginning.
Speaking to this, Oleksandr explained “we agreed on the timeline while we were signing the agreement. It was very straightforward, clear, and all of the tasks were definite. We never had a situation where we were waiting on something from Thoropass that wasn’t delivered in time.”
ELEKS had an end-of-year certification deadline, and Thoropass’ Customer Success Manager (CSM) kept the team on track throughout the process with regular meetings and communication. When certain milestones were delayed, the CSM helped them pivot.
According to Oleksandr Pluzhnikov, “we had all the required attention and resources from the Thoropass side and it was pretty efficient for our team. Overall, it went smoothly.”
Unlike other frameworks, the HITRUST certification process is highly prescriptive. Evidence must be collected and uploaded to HITRUST’s platform, MyCSF. But the Thoropass platform integrates with MyCSF, avoiding duplication of work.
The ELEKS team achieved HITRUST e1 certification and met their deadline, fulfilling their contractual obligations and opening up opportunities in the US healthcare market.
Unlike with their previous attempts, through alignment sessions with the Thoropass team, ELEKS was able to accurately scope their assessment. Speaking to the importance of this, Andrew stated, “scope was the key to success. It was one of the reasons why we didn’t succeed previously, so we spent a lot of time, even before we signed a contract, talking about scope.”
According to Oleksandr, the number one-lesson was to find the right partner. For ELEKS, this meant flexibility.
The Thoropass compliance experts evaluated ELEKS’ current security processes, and worked with them instead of insisting on changing them. Recognizing that ELEKS already had robust controls in place, the Thoropass team used their deep knowledge of HITRUST to fully explain the requirements and create a tailored plan. For the ELEKS team, this personalized service made all the difference.
Talk with one of our experts to build your custom path to compliance and take advantage of Thoropass’s thoughtful automation, expert guidance, and security audit experience.
HITRUST, SOC 2
SOC 2
