Product Updates What’s new with the Thoropass platform? Our product and engineering teams are constantly innovating to help streamline your compliance journey. Follow this page for updates on new features and capabilities of the Thoropass Platform. FEATURED UPDATE Thoropass Access Reviews Simplified and audit-ready access reviews with Thoropass. Our automation makes reviewing user access easier and faster, tracking and managing all your progress in one place. Find the latest release November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 March 2024 February 2024 November 2024 Centralized to-dos with enhanced Thoropass Tasks The enhanced Tasks simplifies multi-framework and multi-workspace compliance with a unified task view and a visual dashboard to efficiently manage and assign tasks. Track integrated evidence requests, send one-click reminders, and streamline workflows—all in one place for smoother, more effective compliance management. New Control Page UI for a more consistent platform experience The updated design features visual table enhancements, sortable columns, easy-to-use filters, and efficient bulk actions like assigning owners to multiple rows. These improvements streamline your workflows, making control management faster and clearer. New frameworks from Thoropass: HIPAA, HITRUST, and ISO changes Thoropass now fully supports four new compliance frameworks—HIPAA CE Privacy Rule, HITRUST AI Cybersecurity Assessment, ISO 42001, and ISO 27018 — to meet the growing demands of AI governance, data privacy, and health information protection. October 2024 Expanded configurability for Policy Acknowledgements You can now choose to assign Thoropass template training to “all employees” or “I’ll choose assignments.” Additionally, you can decide whether to assign new hires automatically for both new and existing training. Data Rooms enhancement for safer and simpler file sharing Thoropass Data Rooms makes sharing documents, such as audit reports, completed DDQs, and questionnaires during vendor reviews and audits, easy and secure. New pre-built templates help you quickly set up data rooms based on vendor needs, and you can now include an NDA if required. Instead of sending multiple files through email, recipients now get a dedicated page, and you can track who views what with access logs. Audit Evidence referred on Controls It provides clear evidence request references linked to your control action items, helping you understand how each control supports your audit process. September 2024 Simplify access review with New Thoropass Access Reviews Say goodbye to manually updating spreadsheets and chasing down different stakeholders for your compliance access review. Our new access review helps you figure out which systems need to be reviewed based on your framework requirements, keep track of everything you need to do, and collect all the evidence for audits automatically. New Framework: 23 NYCRR Part 500 Thoropass now supports the New York Department of Financial Services 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies. Thoropass Launches a New Integration Partner Program Thoropass launched a new integration partner platform designed to accelerate the number of integrations available to our customers. The new partner APIs offer greater flexibility and integration options for partners, enabling them to empower customers with streamlined compliance. August 2024 New employee education module to streamline compliance training Our updated “Training” feature has been renamed to “Employee Education” and now offers two types of learning: “Training” and “Acknowledgement”. These customizable options allow users to set up targeted training and policy acknowledgment requirements. Multi-workspace user login Users can quickly and easily access all their Workspaces with a single login, saving time and eliminating the need for multiple credentials. Monitors for PCI We now have monitors mapped for PCI attestation. This enhancement provides real-time visibility of your compliance practice, helping you quickly identify and respond to any anomalies. Reach out to your customer success manager to turn it on! July 2024 Enhancement in policy and control management Users can now see which policies are connected to each policy control. Our built-in policy templates are automatically linked to the relevant controls. Custom policies can be manually linked to the relevant controls. Additionally, we’ll notify users in-app and via email when a review deadline is approaching to ensure compliance and efficiency. New contributor access to audit The new contributor access feature allows contributors to view and access specific evidence requests assigned to them within an audit. This ensures they can only view and manage the requests assigned to them, enhancing security and streamlining the process. More auditor-approved security integration We’re excited to announce new integrations with Snyk, Qualys, and Tenable. With our expanding auditor-approved integrations, you can effortlessly automate evidence collection, enhancing efficiency and ensuring that the data pulled will be accepted during an audit. June 2024 MORE privileged access monitors Thoropass integrates with your systems to automatically generate a snapshot of privileged access users for your auditors’ review. It speeds up the audit process by eliminating manual work and meetings for access evidence collection. We currently support Azure, Google Cloud, AWS, Okta, Datadog, Bitbucket, Sentry with more to come. View previously completed audits We now provide non-editable access to completed audits for evidence details and comments review. Automated Action Items When Thoropass users integrate their cloud service provider with the Thoropass platform, up to 100% of the action items related to cloud security configurations can be automatically completed with just a click. It also gives users a real-time status of their security posture and alerts them when discrepancies are identified in their cloud instance. Additionally, when you publish policies in Thoropass, the software will alert you when it’s time to review and republish those policies. Once you republish, Thoropass automatically completes those action items. Jira two-way sync enhancement Action Items synced to Jira tickets now include the control name, control ID, and action item ID in the Jira ticket to make those tickets easier to find via Jira search and to enable Jira automation. With Thoropass multi-framework action items, you only have to complete an action once for it to count across frameworks. When a multi-framework action item is synced to Jira and your company adds a framework, Thoropass automatically updates the Jira ticket with the new framework content appended as a comment. May 2024 Consolidate shared requirements with multi-framework action items The new dynamic action items allows you to organize tasks to implement and maintain compliance across all your frameworks. The new action items reduce repetition with unified Action Items and visualize the differences between frameworks for faster action. Optional publish policy workflow now available Admins can now toggle on a more strict publishing flow for policies in their company. The new workflow requires a separate Approver’s sign-off before any policy is published. This update enforces unique Owner and Approver roles for a policy, ensuring clear accountability. A Policy owner would send a request to publish their policy to an Approver, and the Approver can request further changes or approve and publish the policy. Slash the time it takes to fill out questionnaires using GenAI DDQ The product uses advanced processing tools to assess a given question and match it to the company’s own existing library of previously answered questions. For any question that can’t be matched, GenAI is used to scan existing PDFs of prior surveys, policies, procedures, reports, etc., and suggest answers that can be adopted or edited as appropriate. March 2024 Streamlined multi-framework audit process with a New Combined Audit Offering The new audit page UX streamlines navigation through your audit tasks, enhancing audit efficiency. With the revamped dashboard, gain immediate visibility into your audit progress, the status of evidence requests, and auditor in-app updates. Also, explore the details of each evidence request and comment if needed. Dark mode is way cooler, new UI for Global Navigation Sidebar This update includes a partial shift to dark mode to enhance discoverability and readability for page content. Additionally, the new look offers functionality for users to expand or collapse sections, enabling them to prioritize and easily access their most frequently visited pages. New Tasks Page capabilities for admins to manage team workloads efficiently Admins can view all Action Items within the organization on the Tasks page. We added new filters to enhance your ability to navigate tasks efficiently. To make these updates more accessible, we revamped the Tasks Dashboard card for admins so you can go to the view you need with just a click. Unified controls Unified Controls offers you a simplified way to manage crosswalks across multiple frameworks and stages of compliance. Our in-house audit experts mapped each supported framework into this unified experience. February 2024 New UX for the Audit page The new audit page UX streamlines navigation through your audit tasks, enhancing audit efficiency. With the revamped dashboard, gain immediate visibility into your audit progress, the status of evidence requests, and auditor in-app updates. Also, explore the details of each evidence request and comment if needed. Privileged access monitor With the integration with Azure, our monitor automatically generates a snapshot of privileged access users for your auditors’ review. This enhancement further speeds up the audit process by eliminating manual work and meetings where auditors traditionally spend hours navigating through a customer’s Azure instance, collecting recordings and screenshots for access evidence. This is the first in a series of monitors aimed at streamlining privileged access listings, with more to come. January 2024 Project Management Sync Thoropass now supports sync compliance to-do’s, status updates, and attachments between Thoropass and Jira, creating a seamless workflow environment. This week, the Jira two-way sync feature is available to all customers with additional project management tools coming soon. Custom Risk Definitions Users can now tailor risk definitions to align with their internal language and risk models. These definitions will also be included as evidence to the auditor, proving that your company utilizes a clear methodology. New Dashboard, Visuals, and Control Status The updated dashboard landing page provides a quick overview of the status and statistics of your program. Additionally, the updated control status definition clearly indicates when intervention is necessary for a control. GET STARTED WITH THOROPASS Audits, compliance, and risk management—all in one place Talk to a Thoropass expert today to discuss how to refine and/or expand your compliance frameworks so that your business can be both more secure and more ready to do business. Talk to an Expert icon-arrow
