Customer Stories / Long Tail Health Solutions
Using its generative AI engine, Long Tail helps hospitals and health systems prevent coverage denials and recover revenue tied to clinical justification requirements from insurance companies.
Chris Ingrao, Co-founder and COO of Long Tail, was experienced in the challenges of compliance. At the previous company he founded, he handled compliance the old-fashioned way: with manual spreadsheets, documentation kept in various places, and an audit disconnected from the rest of the process.
When launching Long Tail, Chris knew there had to be a more efficient way to manage governance, risk, and compliance (GRC). As a team of one, his wishlist was expansive: a tool to streamline the process, support for multiple frameworks including SOC 2 and HIPAA, integrated audits, and penetration testing, all in one place.
Chris explained, “The biggest concern was team size. I was the only person doing this work, and the thought of writing all the policies, designing and implementing all the controls, and operationalizing the procedures across the company to obtain and maintain compliance felt like a herculean task.”
Many well-known vendors offered services like document acknowledgements, access reviews, and risk registers, but lacked a critical piece for Chris: the integrated audit.
Only one solution offered the one-stop shop he was looking for: Thoropass.
From the earliest stages of the company, Chris began working with Thoropass to pursue HIPAA attestation and SOC 2 certification. Right away, Chris found great value in working with his Thoropass Customer Success Manager (CSM).
“Our CSM was very helpful as we erected our entire program from scratch,” shared Chris.
The CSM put a roadmap in place and walked Chris through the process for both frameworks, answering questions along the way. Thoropass’ up-to-date policy templates, reflecting the latest best practices, were particularly valuable.
Chris explained, “Having an expert maintain an updated set of policies and controls for compliance frameworks over time is super helpful. It saves a ton of time to go to one place rather than sourcing it ourselves.”
Thoropass’ easy-to-use platform simplified evidence collection, automating data collection from integrated platforms while keeping evidence organized and aligned to the frameworks.
For Chris, an unexpected benefit of Thoropass was the guidance provided to his engineering teams while their software products were in development. Starting this process early helped Long Tail Health to build from the ground up with security in mind. He explained, “By assigning certain GRC tasks to engineering leadership, it’s easier to ensure security is factored into their software development lifecycle in a way which was more challenging previously.”
Long Tail Health completed two penetration tests of its web application with Thoropass’ in-house pentesters. The pentests were scoped to Chris’ requirements, and the results were integrated into the Thoropass platform as data to be used for their SOC 2 audit. With the actionable feedback provided in the pentest reports, Chris and his team were able to quickly remediate the priority findings.
Once the required policies were in place, Chris successfully completed Long Tail Health’s HIPAA self-attestation. When it came time for the SOC 2 audit, Chris had a kickoff call with the Thoropass in-house auditor, exchanged several messages with the auditor within the platform, and soon received his SOC 2 Type 2 report.
For Chris, working with Thoropass made compliance feel achievable, while saving time and headaches.
Having robust policies in place enables Chris to answer customers’ detailed security questionnaires to their satisfaction. Additionally, the HIPAA attestation and SOC 2 report increase customer confidence.
According to Chris, Thoropass’ continuous risk monitoring has been helpful throughout the process, including their audit window for SOC 2 Type 2. Once Long Tail Health’s SOC 2 Type 2 certification is complete, he will continue to leverage Thoropass for ongoing compliance management.