Rimidi

A small team needs support to manage multi-framework compliance

Several years ago when Jennifer Ide, Chief Legal and Financial Officer at Rimidi, began seeking HITRUST certification, her goals were to meet client demand, improve the company’s security posture, protect clients’ patient data, and ensure compliance. 

At first, the Rimidi team attempted to collect evidence for the framework independently, but found they needed outside support. Jennifer, along with Devin Blanchard, Cyber Security Analyst at Rimidi, worked with a consultant who helped them achieve HITRUST certification—but it was a slow, manual process. 

In the meantime, many of Rimidi’s clients were also requesting SOC 2 attestation. Pursuing an additional framework with their consultant would mean starting the process over with a different department. Jennifer and Devin knew that managing two frameworks separately would be impossible with their small team.

They needed a solution to help them both streamline the SOC 2 process and maintain their HITRUST certification. They were looking for a time-saving, easy-to-use platform with a team of experts that could handle multiple frameworks.

Rimidi chooses Thoropass to help them tackle SOC 2 and maintain HITRUST

Jennifer and Devin found the right combination of software and support in Thoropass. They were impressed by the intuitive user interface, the platform integrations, and the knowledgeable team available to help them every step of the way. Plus, they were thrilled to learn they could complete both frameworks without unnecessary duplicate work.

Implementation was easy, and Devin was using the Thoropass platform within weeks. He was a one-man cybersecurity team, but with their dedicated Customer Success Manager (CSM), he felt he essentially gained a coworker.

Devin explained, “Our CSM was super communicative and stayed on top of everything. She made it very easy to understand everything we needed, and nothing fell through the cracks.”

Devin immediately noticed how Thoropass’ platform simplified the evidence collection process for both HITRUST and SOC 2, making it possible to manage both frameworks and avoid duplicating efforts. 

Integrations were also important to the Rimidi team. Instead of manually pulling reports, the team used the Thoropass platform to automatically collect evidence from AWS and ADP. The platform then automatically uploaded data to myCSF, HITRUST’s platform, eliminating the need to copy and paste.

Speaking to the importance of these integrations, Jennifer explained, “The AWS and ADP integrations saved time and cut down on potential mistakes.”

When it came time for their audits, Jennifer and Devin were impressed by the auditors’ communication. Despite having two auditors for two separate frameworks, they had one clear view into their overall progress for both. The Rimidi team completed their HITRUST renewal much more easily than in their previous experience and successfully passed their first SOC 2 Type 1 audit.

“The auditors told us everything that we needed to know. None of the evidence was left up to interpretation. I knew exactly what to pull, how to pull it, and what the frameworks required. They communicated well and we were able to do everything within our timeline,” explained Devin.

New clients and increased stakeholder confidence

With SOC 2 and HITRUST, Rimidi has closed new deals, simplified their security questionnaire process, and shortened their sales cycle.

Moreover, they now have stronger security policies and procedures in place and increased visibility for internal and external stakeholders.

Speaking to this, Jennifer stated, “We grow as a company every time we go through this process. There were things that Thoropass helped us discover during HITRUST and SOC 2 that made us more secure as a company. It gives our leadership team and our board increased confidence that we’re doing all the right things to avoid an incident.”

Compliance is more than audits

With the time saved streamlining their audits, the Rimidi team is able to focus on more strategic tasks.

Jennifer’s advice to other companies: Find a compliance partner that delivers value.

“It’s definitely worth the money. Compliance is not cheap, but we’ve been able to get these two certifications and keep up with our customer needs with a one-man compliance team. There’s no way we would have been able to do that without Thoropass,” explained Jennifer.

Product: HITRUST, SOC 2

Industry: HealthTech

Company size: 11-50

Location: Atlanta