HealthSnap

Manual HITRUST compliance becomes unsustainable amidst rapid growth

Chase Preston, Co-Founder and COO of HealthSnap, knew from the early days of the business that a robust security posture would be necessary to move upmarket. As they began selling to larger health systems, Chase and his team decided to go straight for the complex HITRUST certification, a globally-recognized framework especially trusted in the healthcare sector.

The first two times they got certified, the HealthSnap team worked with a traditional assessor and implemented controls on their own. The manual process required constant upkeep: storing documents in Confluence, using Jira ticketing, managing user access logs, and setting up reminders. With only 15 employees, the process was tedious but manageable.

However, as the company grew to more than 200 employees, the manual approach became more time-consuming to maintain. When it came time to re-certify, Chase decided to look for a tool to streamline the process and automate ongoing compliance.

With an automation platform and assessors in-house, Thoropass was the only true end-to-end solution

With Thoropass, Chase found more than a tool: he found a fully comprehensive compliance solution.

In addition to the easy-to-use platform, Chase found the Thoropass support team responsive and knowledgeable. As part of the implementation, the Thoropass team helped HealthSnap map their requirements from HITRUST v9.5 to v11.2. 

Chase explained, “updating to a new version can be a big lift to ensure that we’re not overlooking any new requirements, but with Thoropass’ help they made it easy and we were able to map the differences across the 2 versions.”

Thoropass’ industry experts also shared valuable insight on future HITRUST requirements, helping HealthSnap to plan for the future.

One-stop security validation with in-house penetration testing

Previously, Nicola Onassis, CTO of HealthSnap, had to contract a separate vendor for penetration testing, a HITRUST requirement. This time, Nicola was able to simplify the process using Thoropass’ in-house pentesting service.

The pentesters followed a recognized testing methodology, OWASP, and tailored the pentest to meet HealthSnap’s unique features. The testing included their web application, APIs, and mobile apps.

“The communication was good. The main pentest manager kept us updated on the progress of the tests and also coordinated with the team on setting things up,” reflected Nicola.

Nicola found the pentesters’ report and remediation guidelines clear, and he resolved the high-priority issues quickly.

HealthSnap successfully upgrades their HITRUST certification with Thoropass expertise

The HealthSnap team successfully renewed their HITRUST certification and moved to version 11.2 while saving time and effort.

For Chase, the most significant benefit came from Thoropass’ HITRUST expertise, specifically the detailed guidance on version mapping.

“Since we are not new to HITRUST, our main goal was to go from version 9.5 to version 11.2. The biggest thing that Thoropass helped us with was making sure we understood the controls between versions. Doing that manually would have taken our team a lot longer,” stated Chase.

Increased automation and risk management

Moving forward, Chase and his team plan to get even more value out of Thoropass with increased automation. They are migrating evidence into Thoropass, setting up automated tasks for regular reviews, and saving time on security questionnaires with automated response tools.

In addition, they plan to use Thoropass’ risk assessment tool, Risk Register, for continuous risk management.

Chase’s advice to other companies considering HITRUST: Start early.

“It’s easier to set up as a small company. It’s obviously a cost, but it’s worthwhile, because it’ll take much longer when you are a large company. If you even think you’re going to need it in the future, do it earlier rather than later,” explained Chase.

Product

HITRUST

Industry

HealthTech

Company size

201-500

Location

Miami