Product Updates

What’s new with the Thoropass platform?

Our product and engineering teams are constantly innovating to help streamline your compliance journey. Follow this page for updates on new features and capabilities of the Thoropass Platform.

FEATURED UPDATE

Thoropass Tasks

Simplify multi-framework and multi-workspace compliance with a unified task view and a visual dashboard to efficiently manage and assign tasks.

June 2025

Introducing 8 new frameworks

We added eight new frameworks to the Thoropass platform—so you can scale your compliance program faster, with less manual work, and more confidence across global standards.

Now available in Thoropass:
CSA STAR (Cloud assurance)
DORA (EU financial resilience)
FERPA (Education privacy)
WCAG 2 (Accessibility)
C5 (Germany cloud security)
ISO 27017 (Cloud security controls)
NIST 800-53 (High-assurance federal compliance)
NIST 800-171 (CUI protection for DoD contracts)

With automation and deep cross-framework mapping, you can manage them all in one connected platform—no duplicate work required.

Access Review Automated Validation

Access reviews are only as strong as the follow-through. Our new validation feature ensures reviewers don’t just acknowledge changes—they prove them. Reviewers can now upload evidence or validate automatically via integrations, giving you verifiable assurance that access updates actually happened.

This update closes a key compliance gap and strengthens audit readiness—all within your existing workflow.

Available July 1 as part of the Access Review module

Trust Center now live

The Thoropass Trust Center is now fully available to all customers. Create a public-facing portal at your own domain (e.g., trust.yourcompany.com) to showcase your compliance posture—using the frameworks, documents, and controls already in Thoropass.

You control visibility with NDA gating and access requests, making security reviews faster and more self-serve—without compromising control.

Included in all Thoropass plans.

Custom frameworks

Organizations with unique industry or internal frameworks can now manage them directly in Thoropass. Submit your custom controls, and we’ll map them to unified controls so you can track tasks, assign ownership, and centralize your GRC work—without leaving the platform.

Whether you’re working with regional standards, niche frameworks, or internal policies, Thoropass helps you stay organized and audit-ready.

Redesigned people table

We’ve revamped the People Table for better visibility into who’s in your environment, what access they have, and what responsibilities they’re assigned. The refreshed layout makes it easier to manage contributors, reviewers, and collaborators across teams.

Compliance viewer role

Need to share read-only access with auditors or stakeholders? The new Compliance Viewer role lets you do exactly that.

This role allows view-only access to Controls, Evidence Requests, Documents, and more, making it easy to loop in legal, audit, or leadership stakeholders without compromising system integrity.


Local controls

Frameworks are flexible, and now Thoropass is too. Local Controls let you define how your organization meets a requirement—so you can add implementation details, internal context, or organization-specific language directly into the control structure.

It’s a powerful way to tailor compliance without stepping outside the platform.

May 2025

Five new frameworks

Thoropass has added five new frameworks to our platform—helping you scale your compliance portfolio without the chaos of disconnected tools and duplicative work.

Our latest release includes ISO/IEC 27701, NIS 2 Directive, ISO 9001, CMMC Level 2, and CIS Controls v8. All five frameworks are now available in the Thoropass platform—so you can manage multiple standards with unified controls, automation, and expert support.

PCI ASV Scanning

Thoropass is now a PCI Approved Scanning Vendor (ASV)—joining fewer than 100 companies globally certified to deliver PCI-compliant external vulnerability scans.

Our new ASV offering eliminates the need for third-party tools by bringing scanning, audits, pentesting, and automation together in one platform. No more vendor sprawl. Just a faster, more confident path to PCI compliance.

Now in beta: Thoropass Trust Center

Thoropass Trust Center is now in beta—giving customers a professional, public-facing portal to showcase their compliance posture and speed up security reviews.

Trust Center pulls from your existing frameworks, controls, and documentation within Thoropass—making setup fast and reducing repetitive due diligence requests. You can share content publicly or behind NDAs, all while maintaining control and visibility.

April 2025

Introducing new frameworks

We’ve just added three new frameworks to the Thoropass platform—so you can reduce risk, unlock new markets, and scale your compliance program without the heavy lift.

NIST CSF 2.0: Modernize your cybersecurity program with a scalable risk framework.

CMMC Level 1: Get DoD contract-ready with foundational security practices.

Cyber Essentials: UK public sector readiness made easy.

With built-in automation, expert guidance, and a single connected platform, Thoropass helps you adopt new frameworks without starting over.

March 2025

New audit roles

We’ve added two specialized roles to streamline your audit processes:

Audit Contributor: View and modify all documents, monitors, and assigned Evidence Requests and controls, with access to view published policies.

Auditor: Designed for non-Thoropass auditors to review and comment on submitted Evidence Requests with minimal system access.

Bulk user invitations

Now available: bulk-invite multiple users across workspaces at once, streamlining user management for multi-workspace organizations.

People table improvements

We made backend updates to enhance performance and reduce duplicate records. You may notice ‘alias’ profiles in user profiles—no action needed!

February 2025

Manage shared and unique policies from a single dashboard for greater efficiency and control

You can now centralize policy creation and management for your multi-workspace compliance, reducing redundancy and ensuring consistent enforcement across multiple workspaces. With policy inheritance through shared controls, standardized approval flows, and granular editing permissions, organizations can streamline compliance while maintaining flexibility for workspace-specific configurations.

HITRUST MyCSF integration now available

Thoropass HITRUST MyCSF integration is now live! With this integration, you can seamlessly upload evidence into MyCSF while maintaining complete documentation across both platforms. This enhancement helps joint customers improve efficiency, reduce costs, and minimize overall information security risk.

50+ new integrations for Access Reviews

We’ve added 50+ new integrations for access reviews, including Vercel, Microsoft Teams, and Confluence. These audit-approved integrations streamline the review process, making it faster and more efficient. We’re continuously expanding our integrations—new ones are added every week!

January 2025

Optimized consecutive reviews with Head Start

Thoropass is the only compliance solution that offers optimized consecutive access reviews automation, allowing you to focus only on changes since the last review and saving up to 95% of the workload. By streamlining tedious workflows, reducing review fatigue, and enhancing security, Thoropass helps keep your systems secure with unmatched efficiency.

New role: Risk Owner

The new role can manage assigned risks in the Risk Register, including modifying controls and action items linked to those risks, streamlining risk accountability and improving efficiency.

New Policy Page UI for a more consistent platform experience

The updated design provides a clear and intuitive view of key policy details, including the policy owner, approver, type, related frameworks, and control family. Additionally, you can now directly share, view, or delete specific policies right from the page, improving compliance efficiency.

New Shared Controls to streamline your multi-workspace compliance

Shared Controls reduces redundancy by allowing teams to manage and reuse controls across multiple product lines or business units, saving time and streamlining workflows.

Centralized User Management for Multi-Workspace

Account Admins can now efficiently manage Thoropass user access across all workspaces linked to their account, providing greater control and streamlined administration.

December 2024

New Comments Inbox centralizes and organizes all communications

The new feature keeps all communication across Thoropass on one page, making managing Controls and Evidence Requests easier and faster. Instead of losing track of emails or using messy spreadsheets, you can use filters and search tools to quickly find what you need and jump to the right task.

First Pass AI transforms IT audit preparation with AI-driven evidence verification

First Pass AI pre-screens evidence before the audit, eliminating the bottlenecks between evidence collection and auditor acceptance, saving thousands of manual QA hours and accelerating audit cycle times.

November 2024

Centralized to-dos with enhanced Thoropass Tasks

The enhanced Tasks simplifies multi-framework and multi-workspace compliance with a unified task view and a visual dashboard to efficiently manage and assign tasks. Track integrated evidence requests, send one-click reminders, and streamline workflows—all in one place for smoother, more effective compliance management.

New Control Page UI for a more consistent platform experience

The updated design features visual table enhancements, sortable columns, easy-to-use filters, and efficient bulk actions like assigning owners to multiple rows. These improvements streamline your workflows, making control management faster and clearer.

New frameworks from Thoropass: HIPAA, HITRUST, and ISO changes

Thoropass now fully supports four new compliance frameworks—HIPAA CE Privacy Rule, HITRUST AI Cybersecurity Assessment, ISO 42001, and ISO 27018—to meet the growing demands of AI governance, data privacy, and health information protection.

October 2024

Expanded configurability for Policy Acknowledgements

You can now choose to assign Thoropass template training to “all employees” or “I’ll choose assignments.” Additionally, you can decide whether to assign new hires automatically for both new and existing training.

Data Rooms enhancement for safer and simpler file sharing

Thoropass Data Rooms makes sharing documents, such as audit reports, completed DDQs, and questionnaires during vendor reviews and audits, easy and secure. New pre-built templates help you quickly set up data rooms based on vendor needs, and you can now include an NDA if required. Instead of sending multiple files through email, recipients now get a dedicated page, and you can track who views what with access logs.

Audit Evidence referenced on Controls

This feature provides clear evidence request references linked to your control action items, helping you understand how each control supports your audit process.

September 2024

Simplify access review with New Thoropass Access Reviews

Say goodbye to manually updating spreadsheets and chasing down different stakeholders for your compliance access review. Our new access review helps you figure out which systems need to be reviewed based on your framework requirements, keep track of everything you need to do, and collect all the evidence for audits automatically.

New Framework: 23 NYCRR Part 500

Thoropass now supports the New York Department of Financial Services 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies.

Thoropass Launches a New Integration Partner Program

Thoropass launched a new integration partner platform designed to accelerate the number of integrations available to our customers. The new partner APIs offer greater flexibility and integration options for partners, enabling them to empower customers with streamlined compliance.

August 2024

New employee education module to streamline compliance training

Our updated “Training” feature has been renamed to “Employee Education” and now offers two types of learning: “Training” and “Acknowledgement”. These customizable options allow users to set up targeted training and policy acknowledgment requirements.

Multi-workspace user login

Users can quickly and easily access all their Workspaces with a single login, saving time and eliminating the need for multiple credentials.

Monitors for PCI

We now have monitors mapped for PCI attestation. This enhancement provides real-time visibility of your compliance practice, helping you quickly identify and respond to any anomalies. Reach out to your customer success manager to turn it on!

July 2024

Enhancement in policy and control management

Users can now see which policies are connected to each policy control. Our built-in policy templates are automatically linked to the relevant controls. Custom policies can be manually linked to the relevant controls. Additionally, we’ll notify users in-app and via email when a review deadline is approaching to ensure compliance and efficiency.

New contributor access to audit

The new contributor access feature allows contributors to view and access specific evidence requests assigned to them within an audit. This ensures they can only view and manage the requests assigned to them, enhancing security and streamlining the process.

More auditor-approved security integrations

We’re excited to announce new integrations with Snyk, Qualys, and Tenable. With our expanding auditor-approved integrations, you can effortlessly automate evidence collection, enhancing efficiency and ensuring that the data pulled will be accepted during an audit.

June 2024

More privileged access monitors

Thoropass integrates with your systems to automatically generate a snapshot of privileged access users for your auditors’ review. It speeds up the audit process by eliminating manual work and meetings for access evidence collection. We currently support Azure, Google Cloud, AWS, Okta, Datadog, Bitbucket, and Sentry, with more to come.

View previously completed audits

We now provide non-editable access to completed audits for evidence details and comments review.

Automated Action Items

When Thoropass users integrate their cloud service provider with the Thoropass platform, up to 100% of the action items related to cloud security configurations can be automatically completed with just a click. It also gives users a real-time status of their security posture and alerts them when discrepancies are identified in their cloud instance.

Additionally, when you publish policies in Thoropass, the software will alert you when it’s time to review and republish those policies. Once you republish, Thoropass automatically completes those action items.

Jira two-way sync enhancement

Action Items synced to Jira tickets now include the control name, control ID, and action item ID in the Jira ticket to make those tickets easier to find via Jira search and to enable Jira automation. With Thoropass multi-framework action items, you only have to complete an action once for it to count across frameworks. When a multi-framework action item is synced to Jira and your company adds a framework, Thoropass automatically updates the Jira ticket with the new framework content appended as a comment.

May 2024

Consolidate shared requirements with multi-framework action items

The new dynamic action items allow you to organize tasks to implement and maintain compliance across all your frameworks. They reduce repetition with unified Action Items and visualize the differences between frameworks for faster action.

Optional publish policy workflow now available

Admins can now toggle on a stricter publishing flow for policies in their company. The new workflow requires a separate Approver’s sign-off before any policy is published. This update enforces unique Owner and Approver roles for a policy, ensuring clear accountability. A Policy Owner sends a request to publish their policy to an Approver, and the Approver can request further changes or approve and publish the policy.

Slash the time it takes to fill out questionnaires using GenAI DDQ

The product uses advanced processing tools to assess a given question and match it to the company’s own existing library of previously answered questions. For any question that can’t be matched, GenAI is used to scan existing PDFs of prior surveys, policies, procedures, reports, etc., and suggest answers that can be adopted or edited as appropriate.

March 2024

Streamlined multi-framework audit process with a New Combined Audit Offering

The new audit page UX streamlines navigation through your audit tasks, enhancing audit efficiency. With the revamped dashboard, gain immediate visibility into your audit progress, the status of evidence requests, and auditor in-app updates. Also, explore the details of each evidence request and comment if needed.

Dark mode is way cooler, new UI for Global Navigation Sidebar

This update includes a partial shift to dark mode to enhance discoverability and readability for page content. Additionally, the new look offers functionality for users to expand or collapse sections, enabling them to prioritize and easily access their most frequently visited pages.

New Tasks Page capabilities for admins to manage team workloads efficiently

Admins can view all Action Items within the organization on the Tasks page. We added new filters to enhance your ability to navigate tasks efficiently. To make these updates more accessible, we revamped the Tasks Dashboard card for admins so you can go to the view you need with just a click.

Unified controls

Unified Controls offers you a simplified way to manage crosswalks across multiple frameworks and stages of compliance. Our in-house audit experts mapped each supported framework into this unified experience.

February 2024

New UX for the Audit page

The new audit page UX streamlines navigation through your audit tasks, enhancing audit efficiency. With the revamped dashboard, gain immediate visibility into your audit progress, the status of evidence requests, and auditor in-app updates. Also, explore the details of each evidence request and comment if needed.

Privileged access monitor

With the integration with Azure, our monitor automatically generates a snapshot of privileged access users for your auditors’ review. This enhancement further speeds up the audit process by eliminating manual work and meetings where auditors traditionally spend hours navigating through a customer’s Azure instance, collecting recordings and screenshots for access evidence. This is the first in a series of monitors aimed at streamlining privileged access listings, with more to come.

January 2024

Project Management Sync

Thoropass now supports syncing compliance to-dos, status updates, and attachments between Thoropass and Jira, creating a seamless workflow environment. This week, the Jira two-way sync feature is available to all customers, with additional project management tools coming soon.

Custom Risk Definitions

Users can now tailor risk definitions to align with their internal language and risk models. These definitions will also be included as evidence to the auditor, proving that your company utilizes a clear methodology.

New Dashboard, Visuals, and Control Status

The updated dashboard landing page provides a quick overview of the status and statistics of your program. Additionally, the updated control status definition clearly indicates when intervention is necessary for a control.
