Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Great Account Manager Paige!
What do you like best about the product?
The amount of help on getting IT connected was nice.
What do you dislike about the product?
The templates are primarilyu fit for only SOC 2 compliance, anything that is custom SOC 1 can cause some major issues.
What problems is the product solving and how is that benefiting you?
Thoropass helped us get SOC 1 Type 2 compliant!
- Leave a Comment |
- Mark review as helpful
SOC2 FinTech
What do you like best about the product?
Their portal where I can find all the relevant documents and certification and can ask questions.
What do you dislike about the product?
Initial costing and renewal costing is slightly high.
What problems is the product solving and how is that benefiting you?
Get and maintain Type 1 and Type 2 certification.
Really great product and people that make a frustrating process much simpler.
What do you like best about the product?
The most helpful part of Thoropass is the automation and monitoring of our controls. The simplicity with which we can implement and monitor the numerous things is amazing considering how difficult this can be to be on top of without a tool like this. Being able to integrate with AWS and check Thoropass daily saved so much time compared to digging through the console. The Customer Success folks were also always on hand and quick to respond to any questions. The alert notifcation and remediation steps allows me to frequently pop in, solve something quick, and get out.
What do you dislike about the product?
Sometimes it is a little difficult to find certain files that have been added due to the fact that everything from screenshots to pdfs to tests to templates all populate into the 'documents' section. It can be hard to really sink down into what I'm really looking for.
What problems is the product solving and how is that benefiting you?
The SOC2 process (type 1 and type 2) is so confusing and nebulous that we didn't really know where to start. We are a small startup that doesn't have a security and compliance resource, so we were trying to just figure it out. With Thoropass we were able to rely on them to help us figure out the steps and necessary actions without us needing to really dive deep into all the nitty gritty details.
Thoropass Process & Independence
What do you like best about the product?
The Belong For Me likes having all our compliance needs in one platform. The ability to create, edit, collaborate, approve, monitor, and manage most of our governance controls from one platform is a game changer. I painfully spent more than a decade working with Excel files, SharePoint, Google Docs, etc, trying to manage this process with various teams.
Also, the account management team does a great job of helping our team stay on track with our timelines, answering product questions and getting answers to governance questions that we may have. Allie Farrell has done a fantastic job supporting our team.
Finally, having the same organization have an independent audit team and process is also very beneficial to coordinating the entire governance process. Their audit process is as rigorous as that of the elite audit firms I have used with other companies in the past.
Also, the account management team does a great job of helping our team stay on track with our timelines, answering product questions and getting answers to governance questions that we may have. Allie Farrell has done a fantastic job supporting our team.
Finally, having the same organization have an independent audit team and process is also very beneficial to coordinating the entire governance process. Their audit process is as rigorous as that of the elite audit firms I have used with other companies in the past.
What do you dislike about the product?
With a rapidly advancing software platform, trying to keep our team members up to speed with the software changes can be challenging at times. The Thoropass account management team and product webinars have made this process more manageable. Also, the new multi-framework functionality is making the usability of the platform much easier.
What problems is the product solving and how is that benefiting you?
As a SaaS company providing employee engagement-type solutions to Fortune 2000 companies, we know that governance and security controls are paramount to our company's success and trust. Over the past two years, we have utilized the Thoropass solution to create our entire compliance management program from scratch, including becoming SOC 2 Type 2 accredited. We are now moving forward with the GDPR and ISO 27001/2 utilizing the new Thoropass multiframework features. The ability to easily switch back and forth between frameworks makes the process much easier and faster.
Without a solution (software, support, and audit) like Thoropass, we could not have achieved our SOC 2 Type 2 goals in the timeframe mandated by our customers. In addition, we could not achieve GDPR or ISO 27001/2 compliance in the same calendar year if we did not have Thoropass as a solution provider.
Without a solution (software, support, and audit) like Thoropass, we could not have achieved our SOC 2 Type 2 goals in the timeframe mandated by our customers. In addition, we could not achieve GDPR or ISO 27001/2 compliance in the same calendar year if we did not have Thoropass as a solution provider.
Great team, smooth process
What do you like best about the product?
Portal, process, ease of use, customer support
What do you dislike about the product?
Some glitches on the portal in uploading the evidences
What problems is the product solving and how is that benefiting you?
SoC 2
Thoropass Review: A True Asset for Compliance Beginners & Experts
What do you like best about the product?
As someone new to compliance, Thoropass has been invaluable. Their team excels at answering questions thoroughly and clearly, making complex topics accessible. Regular meetings with them are more than just check-ins; they're full of essential insights and guidance. Additionally, their comprehensive templates are a godsend, simplifying the compliance process significantly. In short, Thoropass is a fantastic partner for anyone navigating the compliance landscape.
What do you dislike about the product?
I have nothing negative to say about Thoropass
What problems is the product solving and how is that benefiting you?
Thoropass has been instrumental in simplifying our journey through complex healthcare SaaS compliance requirements, like SOC 2, HIPAA, and HITRUST. Their expertise not only clarifies these challenging processes but also ensures we adhere to the highest standards, significantly benefiting our operational efficiency and data security. Using Thoropass's system, we were able to easily transition through recent personell changes within our own company.
Perfect for our small startup
What do you like best about the product?
Lots of personal service. Biweekly meetings with the project manager and audit expert as you work through the tasks of developing policies and procedures to achieve compliance. We are a five-person company and we needed lots of advice developing policies and procedures appropriate to our size. We got it from these meetings. We completed our SOC-2 Type 1 audit perfectly.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
Followup: they coached us successfully through our first SOC 2 Type 2 observastion period and our audit was perfect. I can't speak highly enough of the team. The results were outstanding.
What do you dislike about the product?
I've got nothing at all to complain about.
What problems is the product solving and how is that benefiting you?
We required SOC-2 reports to engage with our customer base, who are public companies with their own compliance requirements.
Highly Recommend Thoropass
What do you like best about the product?
The Thoropass team has been extremely helpful, knowledgeable and very accomodating to work with. Wew have worked with them for the opast year and a half and we are extremely satisfied with the help and guidanc they have provided.
What do you dislike about the product?
Honestly we have not encounterted any issues to date with their product or services.
What problems is the product solving and how is that benefiting you?
They have helped us with our SOC 2 Certifications as well as HIPPA and PCI.
Great team & great product! Couldn't have done it without them
What do you like best about the product?
Thoropass was a great asset to completing our SOC2 compliance. The team was knowledgeable and thorough. They helped us stay organized and meet our goals of completing our SOC2 Type 2 within a year. Thoropass made recommendations which helped out team new operational procedures in place, that we didn’t know we needed before. We are now more confident in the security for our team and customers.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
Believe me I had my moments of stress and worry but the Thoropass team held my hand every step of the way and really put my mind at ease.
What do you dislike about the product?
Don’t really have anything glaring that I didn’t like but I do think some of the reminders in the platform itself are unreliable. For instance, I can’t really keep up with updating the dates every time we complete an action item.
What problems is the product solving and how is that benefiting you?
Thoropass assisted in our SOC2 compliance and completion
Decent application, but a less satisfying assessment
What do you like best about the product?
Certification data collection was relatively straightforward. Everything necessary to support a SOC2 assessment had its place in the application, and there was a framework in the application to lead users through data collection.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
There are document templates for all required artifacts, which saved some time.
The application allowed delegation to multiple users, thus sharing the burden of data collection.
The company offers a combined service of data collection and SOC2 audit, which eliminates the need to find an assessment service and orienting that service to the Thoropass application.
The application had all the necessary features to support our audit.
Onboarding was easy. We had one customer success person assigned throughout, which avoids re-orienting a new rep at every interaction. Customer support was responsive and attentive.
What do you dislike about the product?
The application wasn't intuitive. Tasks and information were spread across a few parts of the application. Terminology was often incosistent or confusing. It was hard to find the things that needed to be done.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
It was difficult to understand the end-to-end process. The application is confusing, in that it has multiple points at which it declares completion without explaining that there is still substantial work remaining.
The audit service was downright disappointing. We had no less than five different auditors, and on a few occasions those auditors gave conflicting direction. The auditors were unfamiliar with the needs of a software product development company, often insisting on artifacts and actions that either didn't apply or were clearly impossible to perform. Initiating the audit itself occurs at two to four week intervals. Miss an interval, and you've extended the time to complete by weeks.
There was a noticeable lag in exchanges with the auditors. Responses in conversations with the auditors took one to two weeks, which substantially slowed the process.
The auditors were obviously working from some kind of script or playbook. That playbook would make sense if applied to a large company that does not create a software product. Most of the playbook was meaningless to a midsized company that makes software for sale. In particular, a SaaS product and its needs didn't fit the playbook, and was a continuous source of misguided demands from auditors. Getting the auditors to drop the script and think about what was actually necessary, or even possible, was frustrating throughout the audit process. There wasn't anyone in the audit team, not even at the highest level, that clearly understood what a software development company should and could contribute to an audit. We managed to finish the SOC2 Type 1 audit, but it was a long and painful journey.
What problems is the product solving and how is that benefiting you?
We expected Thoropass to quickly and easily lead us through the SOC2 process.
showing 171 - 180