Customer Stories / HalcyonFT

Harnessing mult-framework power: HalcyonFT achieves SOC 2 attestation and ISO in one-third of the time

Halcyon Financial Technology (HalcyonFT) provides IT, cybersecurity, and cloud infrastructure services for the investment industry. In order to do business in this highly regulated field, HalcyonFT needed a robust security posture customers could trust.

HalcyonFT
HalcyonFT

CHALLENGE

Build or buy? HalcyonFT chooses the path to faster compliance

Joe James, Partner, Director of Projects of HalcyonFT, had helped previous companies achieve SOC 2 attestations and ISO certifications. When prospective customers increasingly began asking for due diligence questionnaires regarding SOC 2 and ISO 27001, Joe knew it was time to pursue both certifications.

He considered preparing for the SOC 2 and ISO audits himself, but estimated it would take three years. Weighing this significant time commitment against the risk of non-compliance, he ultimately decided to revise his strategy.

I needed a partner that was going to provide me with

the necessary tools to complete the framework faster and correctly.

Joe James

Partner, Director of Projects

HalcyonFT

Joe evaluated multiple compliance solution providers. He found that while other providers gave him a sales pitch, Thoropass was the only one willing to give an in-depth demo of the platform.

I looked at the major four but we came back to Thoropass as the offering we liked most as a whole: for me,

it was the interactions we had with the team, the UI, and the ease of use.

Joe James

HalcyonFT

SOLUTION

Thoropass provided guidance and a roadmap, streamlining the process by 66%

First, HalcyonFT tackled SOC 2 attestation. Thoropass’s in-house team of compliance experts and easy-to-use platform helped Joe simplify and accelerate the attestation process. From implementation to audit, Joe appreciated the weekly calls and constant communication from his Customer Success Manager (CSM).

Our CSM was always available. He answered questions and gave us what we needed.

From my experience in working with other consultants, Thoropass was better, bar none

HalcyonFT

The expert guidance helped Joe and his team stay on track while working through the SOC 2 framework. For each evidence request, Joe would simply look at the specifications, upload the information, and receive detailed feedback. Thoropass’s policy templates also provided the HalcyonFT team the guardrails they required to make sure that their existing policies were inline with the requirements for SOC 2 and ISO 27001 compliance.

Thoropass was like a warm blanket.

We had structure and a roadmap to follow. From point A to point Z, Thoropass laid it out well.

HalcyonFT

Once they achieved SOC 2, Joe and his team tackled ISO 27001. Within the Thoropass platform, it was easy to map SOC 2 evidence to matching ISO requirements. According to Joe, “once we got past SOC 2, ISO was a walk in the park, because we had that framework already laid out, and a lot of it overlapped.”

RESULTS

Achieving SOC 2 and ISO certifications brought in new customers and revenue

They implemented the required controls to meet SOC 2 criteria in about 100 hours and then proceeded to implement the required controls to support ISO 27001 in just 50 hours through the use of the platform’s multi framework capabilities and efficiencies–a third of the time Joe expected.

They were blown away by just how easy it was for them to audit us.

The auditors told me that this is the easiest audit they’d ever done because of our preparation with Thoropass.

HalcyonFT

Beyond the time savings, SOC 2 and ISO certifications have brought in new clients for HalyconFT.  Joe says that “while HalcyonFT already maintained best-in-class information security and data governance, attaining these certifications differentiated us from some of our competitors and is a heavy checkmark on our existing and future client regulatory compliance requirements.”

“While HalcyonFT already maintained best-in-class information security and data governance, attaining these certifications differentiated us from some of our competitors and is a heavy checkmark on our existing and future client regulatory compliance requirements,” explains Joe.

LOOKING AHEAD

HalcyonFT plans to keep certifications up to date and recommend Thoropass to clients

Moving forward, Joe plans to keep HalyconFT’s certifications up to date with Thoropass. The team is also recommending Thoropass as a compliance solution to its financial clients.

We see Thoropass as a crucial relationship for keeping our certifications.

In order to stay relevant and get more business in our industry, you have to have this type of certification.

Joe James

HalcyonFT

Find your comprehensive compliance partner in Thoropass

Talk with one of our experts to build your custom path to compliance and take advantage of Thoropass’s thoughtful automation, expert guidance, and security audit experience.

Talk to an Expert

Featured

Product

ISO 27001,

SOC 2,

Industry

Fintech

Company size

11-50

Location

United States

Related Customer Stories

Cigo Tracker develops SOC 2 policies in just 10% of the time

Penetration Testing,

SOC 2,

Read Case Study

Fast-track to SOC 2: How CallFinder sailed through audit 40% faster with key partnerships

SOC 2,

Read Case Study
Get Started

Solutions

Get CompliantMaintain ComplianceIT Security Audits

Products & Services

Thoropass AuditCompliance AutomationPentestingThoropass AIAccess ReviewsSecurity QuestionnairesRisk AssessmentTrust CenterIntegrations and APIs

Frameworks

SOC 1SOC 2HIPAAHITRUSTCyber EssentialsGDPRISO 27001ISO 27018ISO 42001CMMC Level 1NIST CSF 2.0PCI DSSOther Frameworks

Industries

HealthcareSaaSFinTechOther Industries

Company

Our DifferenceMeet the ExpertsNewsroomCareersIndependence and ExcellenceBecome a PartnerTrust CenterContact us

Resources

Case StudiesBlogGuidesEventsHelp Center

Legal

MSADPAReport an IssueTerms and ConditionsPrivacy Policy

Leading by Example: Thoropass' Certifications

© Copyright 2025 Thoropass, Inc.