Forage is a payment processor that enables merchants to accept funds from government food assistance programs online, such as SNAP (Supplemental Nutrition Assistance Program) benefits, through its single, unified API. As a mission-driven company increasing access to groceries for millions of Americans, Forage makes compliance a top priority.
Rob Gormisky, Information Security Lead, and his team at Forage previously relied on vendors to manage their customers’ cardholder data. They were already PCI DSS-compliant, but when they decided to bring the cardholder data in-house, they needed to raise their PCI compliance to Level 1.
In addition, customer demand was increasing for SOC 2 compliance, and Forage had a contractual obligation to be SOC 2 certified by the end of the year.
Facing multiple compliance frameworks and a PCI audit larger in scope than they had done before, Rob and his team began looking for a compliance partner to help them streamline the process.
“Knowing that it was going to be a compressed timeline, we wanted to pick a partner who was going to automate as much as possible for us. Additionally, having a single vendor that could support us with both frameworks was critical.” –Rob Gormisky, Information Security Lead, Forage
Rob was looking for a partner that had expertise in both SOC 2 and PCI requirements, experience with cloud environments, and an easy-to-use platform with the right integrations. Thoropass fit the bill.
Rob and his team began their SOC 2 and PCI journeys simultaneously with the help of their Thoropass Customer Success Manager (CSM). Their CSM helped them with the scope and sequence of the two projects to make evidence collection as efficient as possible.
Unlike Rob’s previous experiences with traditional audit firms, both Thoropass’ CSMs and auditors understood cloud environments, allowing for seamless, timely communication and relevant advice. Instead of spending weeks trading spreadsheets with auditors, he received clear feedback the same day via Thoropass’ platform.
“Whenever I had a question, I was never waiting for a significant period of time, even if it was a particularly thorny question. Having a web dashboard to communicate back and forth was definitely huge for us.” –Rob Gormisky
Integrations with platforms like AWS, Rippling, and GitHub sped up the process even further: about half the evidence was collected automatically.
“If I had to gather every single piece of evidence for the SOC 2 audit manually, it would have delayed my PCI audit significantly. It would not have been possible without working with the same auditor for both frameworks.” –Rob Gormisky
Some of Rob’s other favorite features were data rooms, which enabled his team to track versions of documents, and time-saving SOC 2 policy templates.
Not only did the Forage team meet their SOC 2 timeline, but they beat it with a month to spare. They also met their full-scope PCI audit deadline, raising them to Level 1 compliance.
Each certification had an immediate positive impact on the business.
“SOC 2 is for sales, and PCI is for partnerships. They unlock different things for us. Without SOC 2 compliance, we would not have our largest enterprise customer today. There are partnerships that we are now able to build with other FinTech companies that were not possible when we didn’t control a full Level 1 PCI environment.” –Rob Gormisky
Internal communication has also improved, allowing for more effective governance.
“Having a risk assessments platform that various stakeholders within the organization can access has led to more productive discussions. It’s helped me disseminate security information more broadly and bring more people into the fold on compliance.” –Rob Gormisky
But one of the biggest benefits to Rob’s team was Thoropass’ thought partnership on product development. Before Forage’s team of four engineers built the technology to store cardholder data, Rob got design feedback from the Thoropass experts.
“I was able to ask the auditors about PCI requirements upfront before spending engineering resources to build the product. That was genuinely invaluable.” –Rob Gormisky
That insight saved his team an estimated 3-6 months and over $100K in development costs by reducing potential remediations and focusing their scope.
Forage plans to maintain its SOC 2 and PCI certifications with Thoropass and may pursue additional frameworks in the future.
“Having a partner that already understands our business makes it way easier to bring on new compliance frameworks and to figure out which ones are relevant to our business.” –Rob Gormisky