Vendor profile
Thoropass
Vendor profileReviewed Jun 2026

Is Thoropass right for your security review workload?

Thoropass is an "auditor-led, AI-powered" compliance and audit platform that includes security questionnaire automation and a trust center alongside its licensed audit delivery.

Fit Diagnostic

Move the targets to match your buying situation. The highlighted band shows where this vendor is designed to perform best.

Match score100%

Thoropass fits this buyer profile well. Use the demo to prove evidence handling, approval routing, integrations, and stale-answer controls.

Primary strength

Licensed audit firm delivers audits within the platform.

Thoropass’s distinctive angle is bundling the audit itself: it is a licensed audit firm, not just a platform, which can simplify procurement for teams that want software and audit from one vendor. Questionnaire automation and the trust center are supporting features. Buyers focused purely on questionnaire response should test that motion against dedicated tools, but those who want audit + compliance + customer assurance together get an unusually unified offering.

Primary tradeoff

Questionnaire automation is a supporting feature, not the core.

Buyers should verify ownership, review routing, evidence freshness, implementation effort, and how generated answers are approved before they reach customers.

Not ideal for

Teams whose only need is high-volume questionnaire/portal response.

Limitations are part of the decision. A product earns trust faster when buyers can see where it is not the right first purchase.

Best fit20+

Questionnaires per month, repeated customer portals, or enterprise review pressure.

Reviewed sources1

Research inputs reviewed for this profile.

Named integrations5

Structured integration coverage represented in this profile.

Tracked signals12

Features, integrations, and modern buying signals represented in this profile.

Directional profile

Thoropass strength map

Use this to see where Thoropass appears strongest, then confirm the gaps in a demo with your own questionnaire and approval process.

Strength radarEvidencedepthAIautomationWorkflowcoveragePortalhandlingTrustcenterIntegrationdepthEnterprisefitBuyerproof
Evidence depthHow much public proof and review material is represented in the profile.
3/10
AI automationSignals for answer generation, assisted review, and automation depth.
9/10
Workflow coverageCoverage across intake, routing, review, approval, and reuse workflows.
8/10
Portal handlingSupport for messy customer portals and non-standard questionnaire surfaces.
2/10
Trust centerHow well the vendor appears to connect questionnaires with reusable proof.
4/10
Integration depthStructured coverage of CRM, collaboration, docs, API, and knowledge systems.
4/10
Enterprise fitSignals that the product can support larger buying committees and governed rollout.
9/10
Buyer proofVisibility into customers, screenshots, proof points, and external validation.
1/10

Product Overview

What it does

Thoropass is an audit and compliance platform that pairs software automation with in-house auditors. Public materials describe an audit lifecycle platform (readiness through final reporting), automated evidence collection, access-review automation, risk assessment, and multi-framework support with overlapping control mapping.

Within that, Thoropass offers security questionnaire automation (responding to vendor security assessments) and a public trust center. Its differentiator is delivering actual audits as a licensed CPA firm with embedded auditors, positioned as "auditor-led, AI-powered."

Summary

Thoropass is for teams where security review is now a revenue workflow.

If questionnaires are frequent, multi-stakeholder, and customer-visible, workflow depth becomes more important than a simple answer library.

Fit Intelligence

Audience and use cases
Use cases

Primary Use Cases

Thoropass is most relevant where the security review process is frequent enough to need repeatable workflow, evidence reuse, and buyer-facing consistency.

Compliance & audit

Achieve and maintain frameworks with automated evidence and integrated audit delivery.

Security questionnaire automation

Respond to vendor security assessments using compliance data.

Trust center

Publish a trust center to demonstrate compliance and build customer trust.

Risk & access reviews

Track risk and automate user access validation.

How Thoropass Works

Process
01

Establish frameworks & evidence

Teams select frameworks; AI helps collect and organize evidence.

02

Run the audit

In-house auditors deliver the audit within the platform.

03

Assure customers

Questionnaire automation and trust center reuse compliance data for customer reviews.

Feature Analysis

What to verify
Audit lifecycle platform

Readiness through final reporting with in-house auditors and AI evidence automation.

  • The licensed-firm model is the core differentiator.
Questionnaire automation & trust center

Respond to security assessments and publish a trust center from compliance data.

  • Supporting features, most valuable when unified with audit/compliance.

Ecosystem Signals

Support signals
Integrations

Major Integrations

Integration coverage matters because answer automation depends on how well the product can connect source systems, review workflows, and revenue-team tools.

AWS

Evidence collection from cloud.

other
GitHub

Engineering evidence.

other
IAM platforms

Access evidence.

other
HR systems

Personnel evidence.

other
Ticketing / project tools

Remediation tasks.

other

Fit Comparison

Compare alternatives
Criteria
Thoropass
Secureframe ->Vanta ->
Primary fit
Teams wanting compliance, audit, and customer assurance from one vendor.Secureframe is a compliance-automation platform (SOC 2, ISO 27001, HIPAA, CMMC and more) that adds questionnaire automation and a trust center as part of a broader GRC suite.Vanta is a trust management platform with compliance automation, Trust Center, risk workflows, Vanta AI, and AI-powered Questionnaire Automation for customer security reviews.
Decision lens
Shortlist Thoropass when you want compliance, audit, questionnaire response, and trust from one vendorCompare workflow depth, integrations, and implementation effort.Compare workflow depth, integrations, and implementation effort.

Company Information

Snapshot and leadership
Company context

Thoropass (formerly Laika) is a privately held compliance-and-audit company and licensed CPA firm, founded in 2019 in New York by Sam Li, Austin Ogilvie, and Eva Pittas. It references 1,000+ organizations served. Current executive titles can change and should be confirmed.

Founded2019
HeadquartersNew York, NY
Company typePrivately held
Sam Li

Co-founder - Co-founder of Thoropass (formerly Laika).

Austin Ogilvie

Co-founder - Co-founder of Thoropass (formerly Laika).

Eva Pittas

Co-founder - Co-founder of Thoropass (formerly Laika).

Implementation, Security, and Buying Notes

What to ask
TopicSummaryBuyer action
Implementation

Implementation spans framework setup, evidence collection, and audit delivery. Questionnaire and trust value follows once compliance data is established.

Ask to see setup steps.
Security review

Thoropass is a licensed CPA firm with AICPA peer-review ratings. Confirm AI data handling, access controls, audit logs, retention, and subprocessors.

Ask about controls and audit history.
Pricing

Thoropass pricing varies by frameworks, audit scope, company size, and services; the bundled software-plus-audit approach is positioned as potentially more cost-effective than separate vendors. Confirm by scope.

Confirm package limits.
Integrations

Thoropass integrates with cloud providers, version control, IAM, HR, and ticketing for evidence collection. Confirm the connectors you need and how they feed questionnaire/trust content.

Validate included integrations.
Competitive position

Thoropass competes with Vanta, Drata, Secureframe, and Sprinto in compliance automation, differentiated by integrated audit delivery. For questionnaires, it competes as a suite feature against dedicated response tools.

Compare fit, not only features.
Buyer guidance

Shortlist Thoropass when you want compliance, audit, questionnaire response, and trust from one vendor. If questionnaire response is the dominant need, test it directly against dedicated tools.

Run the demo test.

Decision Signals

Compare on facts
Questionnaire coverageStatusNotes
Custom questionnaires

Documented

Questionnaire automation responds to vendor security assessments from compliance data.
Buyer portals

Verify with vendor

Confirm buyer-portal handling versus dedicated response tools.
Procurement signalStatusNotes
SSO / SCIM

Verify with vendor

Confirm SSO/SCIM by plan.
Free tier or trial

Verify with vendor

Bundled software-plus-audit pricing; confirm entry options.
AI data handlingPublic signalNotes
Model providers

Not itemized publicly

Confirm AI data handling, subprocessors, and retention; Thoropass is a licensed CPA firm with AICPA peer review.
Zero data retention

Verify with vendor

Ask for the current contractual retention terms.
No-training commitment

Verify with vendor

Confirm whether customer data trains vendor or third-party models.
Exit and portabilityDetailNotes
Export and lock-in

Not documented publicly.

Ask how audit artifacts, evidence, and questionnaire history export at contract end.

Buyer Intelligence

Evaluation guidance
Demo Tests

What to test in a Thoropass demo

Separate audit value from questionnaire workflow fit.

Audit + software

Confirm how audit delivery and the platform are contracted and integrated.

Questionnaire handling

Bring a real questionnaire and assess fit versus a dedicated tool.

Framework mapping

Confirm multi-framework overlap mapping for your needs.

Buyer Questions to Ask Thoropass

Demo checklist

Use these questions to test whether Thoropass fits your actual security review workflow, evidence process, and buyer portal reality.

  1. Does this product help your team send assessments, answer assessments, or both?

    Thoropass is mainly for compliance, trust, and answering customer security reviews. It may reduce inbound questionnaires through trust workflows, but buyer-side assessment sending is not the core use case.

  2. What evidence sources does the AI use, and can every answer be traced back to a source?

    Thoropass shows evidence-source and answer-reuse signals in the profile. In the demo, require source citations on generated answers and test what happens when sources conflict or become stale.

  3. Can it handle spreadsheets, PDFs, customer portals, and browser-based questionnaires?

    Thoropass has public signals for non-standard questionnaire handling such as files, imports, exports, portals, or browser-based workflows. Test a real spreadsheet, PDF, and painful customer portal before buying.

  4. Does it support SIG, CAIQ, HECVAT, VSAQ, and custom forms?

    Thoropass does not clearly document SIG, CAIQ, HECVAT, or VSAQ support in the current profile. Ask whether those are supported natively, through templates, or only through custom imports.

  5. Can you tier vendors by risk before sending questions?

    Thoropass is not primarily positioned around buyer-side vendor tiering. If you need inherent-risk scoring before sending assessments, validate that separately.

  6. Can a trust center reduce how many questionnaires your team receives?

    Thoropass includes trust-center signals, so it may reduce repetitive inbound requests by letting buyers self-serve approved security material. Confirm access controls, NDA flow, analytics, and what still turns into a questionnaire.

  7. Does it support human review, approvals, answer ownership, and audit trails?

    Thoropass shows review, approval, ownership, or audit-control signals. In the demo, test low-confidence answers, SME routing, final approval, and audit history.

  8. Does it integrate with your GRC, CRM, procurement, ticketing, and document repositories?

    The profile lists 5 integrations across other. Examples listed in the profile include AWS, GitHub, IAM platforms, HR systems, Ticketing / project tools. Confirm which ones are native, which require API work, and which are plan-gated.

  9. What happens when a policy, SOC 2 report, subprocessor list, or product architecture changes?

    Thoropass has source-maintenance or freshness signals in the profile. Ask who owns updates when policies, SOC 2 reports, subprocessors, or product architecture change.

Published

Jun 27, 2026

Last reviewed

Jun 27, 2026

FAQ

What makes Thoropass different?

Thoropass is a licensed CPA firm that delivers audits within its compliance platform ("auditor-led, AI-powered"), and includes questionnaire automation and a trust center.

Is Thoropass a questionnaire tool?

Questionnaire automation is a supporting feature; Thoropass is primarily a compliance-and-audit platform.

Shortlist Thoropass