From compliance automation through audit, the Thoropass compliance delivery platform helps you get and stay compliant.
Modern audits delivered by expert auditors
Maintain compliance with real-time monitoring and alerts
Identify vulnerabilities with CREST-accredited pentest experts
Leverage AI for smarter compliance solutions
Streamline audits and improve accuracy with evidence automation
Simplify user reviews to enhance security
Automate responses to security questionnaires
Track and mitigate security risks in one place
Build trust with a professional, public-facing portal
Seamlessly connect your tools for streamlined compliance
Audits done the modern way. Leverage AI-powered compliance solutions with expert guidance for seamless, scalable audits.
From controls to audit, rapidly achieve infosec compliance with a single vendor
Manage your risk and streamline compliance
Meet your auditor on day 1 and eliminate any surprises
Discover proven compliance outcomes in the words of our customers.
Catch up on the latest industry trends and expert insights
Watch the latest webinar or meet us in person
Expert-curated resources for your compliance journey
A "true crime" styled podcast for anyone in the compliance industry
Actionable tools for your compliance journey
Implement audit-ready compliance solutions for friction-free infosec compliance outcomes.
Go beyond readiness with unmatched expertise
Stay updated with the latest Thoropass news and insights
Join the team that's reimagining compliance
Let's make compliance easier—together
We're committed to unbiased audits and superior service
Customer Stories / Healthsnap
HealthSnap is an operating system enabling healthcare providers to manage patients’ chronic health conditions virtually.
Chase Preston, Co-Founder and COO of HealthSnap, knew from the early days of the business that a robust security posture would be necessary to move upmarket. As they began selling to larger health systems, Chase and his team decided to go straight for the complex HITRUST certification, a globally-recognized framework especially trusted in the healthcare sector.
The first two times they got certified, the HealthSnap team worked with a traditional assessor and implemented controls on their own. The manual process required constant upkeep: storing documents in Confluence, using Jira ticketing, managing user access logs, and setting up reminders. With only 15 employees, the process was tedious but manageable.
However, as the company grew to more than 200 employees, the manual approach became more time-consuming to maintain. When it came time to re-certify, Chase decided to look for a tool to streamline the process and automate ongoing compliance.
With Thoropass, Chase found more than a tool: He found a fully comprehensive compliance solution.
“We picked Thoropass because it provides an assessor and a platform. A lot of other companies have only a platform and bring in a third-party assessor. Thoropass is a one-stop shop, which makes things much easier.” –Chase Preston
In addition to the easy-to-use platform, Chase found the Thoropass support team responsive and knowledgeable. As part of the implementation, the Thoropass team helped HealthSnap map their requirements from HITRUST v9.5 to v11.2.
Thoropass’ industry experts also shared valuable insight on future HITRUST requirements, helping HealthSnap to plan for the future.
One-stop security validation with in-house penetration testing
Previously, Nicola Onassis, CTO of HealthSnap, had to contract a separate vendor for penetration testing, a HITRUST requirement. This time, Nicola was able to simplify the process using Thoropass’ in-house pentesting service.
The pentesters followed a recognized testing methodology, OWASP, and tailored the pentest to meet HealthSnap’s unique features. The testing included their web application, APIs, and mobile apps.
“The communication was good. The main pentest manager kept us updated on the progress of the tests and also coordinated with the team on setting things up.” -Nicola Onassis
Nicola found the pentesters’ report and remediation guidelines clear, and he resolved the high-priority issues quickly.
The HealthSnap team successfully renewed their HITRUST certification and moved to version 11 while saving time and effort.
For Chase, the most significant benefit came from Thoropass’s HITRUST expertise, specifically the detailed guidance on version mapping.
“Since we are not new to HITRUST, our main goal was to go from version 9.5 to version 11.2. The biggest thing that Thoropass helped us with was making sure we understood the controls between versions. Doing that manually would have taken our team a lot longer.” –Chase Preston
Moving forward, Chase and his team plan to get even more value out of Thoropass with increased automation. They are migrating evidence into Thoropass, setting up automated tasks for regular reviews, and saving time on security questionnaires with automated response tools.
“Our mindset is to use tools to their fullest capability. We’re trying to minimize using other tools like Confluence or Jira for security, and have everything in one spot with Thoropass.” –Chase Preston
In addition, they plan to use Thoropass’ risk assessment tool, Risk Register, for continuous risk management.
Chase’s advice to other companies considering HITRUST: Start early.
Talk with one of our experts to build your custom path to compliance and take advantage of Thoropass’s thoughtful automation, expert guidance, and security audit experience.
PCI DSS, SOC 1, SOC 2
ISO 27001, Penetration Testing, SOC 2
