Customer Stories / Elpha Secure
Elpha Secure combines insurance coverage with cybersecurity software to help small to midsize businesses mitigate cyber risks. Because it operates in a highly regulated industry, Elpha Secure needs ongoing, comprehensive compliance in order to do business.
Paul Schottland, CTO at Elpha Secure, is no stranger to compliance. With decades of experience engineering large-scale enterprise and security software products, he’s been through many certification processes: SOC 2, ISO 19001, ISO 21001, NIST Compliance Framework, FedRAMP, and more. And he knows how time-consuming compliance can be.
Paul had worked with many compliance platforms and consultants before joining Elpha Secure. Some of the most frustrating parts of the certification process were vague communication and documentation. When auditors produced ambiguous feedback or vague control requirements, engineers spent redundant time researching how a control or requirement had previously been met.
But when Paul was introduced to Thoropass, he was surprised at how efficient the process could be, and by the recurrent mapping functionality for recertification.
Elpha Secure had already achieved its initial SOC 2 certification using Thoropass when Paul joined as CTO. However, when Paul led the process for SOC 2 renewal, he was immediately impressed by the simplicity of Thoropass’s platform.
“It was very easy to follow the layout and the model in Thoropass, and the workflow attached to it. Having that trackability and traceability through the system is super helpful.” —Paul Schottland
The detailed documentation of the previous year’s audit and evidence made the SOC 2 renewal much more efficient.
Paul also values that Thoropass maps requirements from one certification to another. Many of the controls are transferable, so when Elpha Secure was pursuing HIPAA compliance after SOC 2, his team didn’t need to do repeat work.
“If I’m interested in SOC 2 compliance, I’m probably going to be involved with GDPR or HIPAA compliance someday. Thoropass identifies those overlaps, so I can lean on the work we’ve done on certification X to save time with certification Y.” —Paul Schottland
Thoropass combines its easy-to-use software with a team of in-house compliance experts to guide customers through the certification process. Paul valued the straightforward communication from the Thoropass team, who asked pointed questions and provided actionable feedback.
Elpha Secure completed its SOC 2 renewal in just 10% of the time Paul expected.
Recently, Elpha Secure completed its self-attestation for HIPAA. Next, Paul plans to tackle GDPR.
Achieving and maintaining its SOC 2 and other certifications enables Elpha Secure to acquire new customers and do business in the insurance industry.
“I would say that it is very difficult to do business without being able to demonstrate SOC 2 compliance, given that you’re handling security information and security data.” —Paul Schottland