Thoropass

Everyone is using AI. Does that mean everyone needs ISO 42001? ISO 42001 is designed to establish, implement, maintain, and enhance AI within companies. It helps you protect your company when it comes to decisions, governance, and bias. Ask yourself: Are we using AI to make decisions? If so, then you'd benefit from ISO 42001.

Thrilled to be heading to San Francisco for TechCrunch Disrupt next week! I’ll be joining my friends Ashley Paston (General Catalyst), Richard Munassi MD MBA (Tampa Bay Wave), and Kamila Khasanova (On Top Strategy) on October 27 for a panel that hits close to home as a founder who has been through the fundraising journey more than once: 💬 “Fundraising Mistakes That Will Kill Your Round — and How to Avoid Them.” After raising multiple rounds for Thoropass and Zinc, investing in startups myself, and seeing both great pitches fall flat and unexpected ones take off, I’ve learned that fundraising is not just about numbers or products—it’s about clarity, timing, narrative, and vision. Whether you’re about to raise, currently in the arena, or just want to sharpen your storytelling, I promise this one won’t be theoretical—we’re bringing real war stories. 📍 San Francisco | October 27 🎟 Join us at TechCrunch Disrupt https://lnkd.in/euJCbcsX If you’ll be there, would love to connect with other founders, builders, and anyone obsessed with turning conviction into traction. See you soon! 🚀

Audits don’t get easier with software alone. You need to combine the right tech with the right people. That’s exactly what Matt Steel, Head of GRC at The Access Group, found with Thoropass. According to Matt, our biggest strengths are simple: 1️⃣ Powerful technology 2️⃣ People who know how to guide you through the process The result? A smoother, faster, less painful audit experience. Read the full story here: https://lnkd.in/esxRk6cD

Do you accept credit card payments? If so, Christopher Strand, PCIP says there's a high likelihood you'd benefit from PCI-DSS compliance. PCI DSS compliance isn’t about ticking boxes. It’s about building trust across every layer of your business. We can help you remain secure with high-quality audits, certified scans, expert-guided pentesting, and powerful automation in one platform.

Compliance isn't a checkbox. It's a strategic advantage.

Congrats to Caspian Studios on their two Signal Gold Awards for Scam Hunters! If you didn't know, they produced this Thoropass podcast starring Greg Kinnear and Erin Moriarty. Scam Hunters is about a disgraced CISO who gets a call from a Miami journalist who needs help investigating a series of scams targeting terminally ill patients. He begrudgingly accepts… But in a world of swindling and deceit, where nothing is what it seems – their findings are just the tip of the iceberg. Listen now: https://lnkd.in/erX8fh4g

Who will we see in Vegas for HLTH USA 2025? Our team will be there, ready to show you how to transform compliance from a checkbox into a strategic advantage. Stop by Booth 4148 to meet Cristina Bartolacci, Nader Toosi, Owen Whitley, and Joe Hunsicker. There will be some fun surprises for you too 👀

Curious about HITRUST and not sure where to start? Here are some fast facts, including: > What it is > What makes it different from other assessments > The 3 main assessments you can get

We won't lie to you: HITRUST r2 is a rigorous process. If you want to start with the most essential standards, go with HITRUST e1. The e1 contains 44 controls to manage the most likely security threats. Ryan Patrick has seen organizations get through the e1 audit in 45-60 days. Hear Ryan explain the difference between e1 and r2 👇

Imagine being downgraded — without notice — right before your renewal. We’ve been hearing this more and more from compliance leaders. They were working with a well-known GRC platform when suddenly their dedicated customer success manager was replaced with an "entire customer support team". Sound like an upgrade? It wasn’t. It meant a shared inbox, long queues, and people who had to relearn their systems every time they reached out for help. By their second audit on the platform, the message was clear: they’d been deprioritized — and they could feel it. That mattered, because their audits were already complex. A hands-off support model made things even harder. When your GRC platform acts only as a middleman between you and your auditor, the cracks start to show. They faced long delays trying to prepare proactively. Their auditor wasn’t engaged until audit time — and by then, it was too late to avoid the stress. And now, no dedicated CSM to guide them. This is exactly why continuous access to the same auditor and a dedicated CSM matters. Even with the best technology, support still matters. Being able to ask questions and get timely, expert help shouldn’t be a luxury.