The compliance company that put the auditor inside the software - one platform for SOC 2, ISO 27001, HIPAA and 30+ other frameworks, with a real CPA firm doing the audit.
Thoropass co-founder and CEO Sam Li - from Shanghai to the University of Virginia to Harvard Business School - built the company on a single idea: fall in love with the pain point everyone else avoids.
Every growing software company eventually hits the same wall. A big customer wants proof that its data is safe, and that proof has a name - SOC 2, or ISO 27001, or HIPAA. Historically, getting it meant buying one tool to track your controls, hiring a separate consultant to prepare, and then bringing in a third party - the auditor - who often arrived at the end and rejected half the evidence.
Thoropass, founded in New York in 2019 as Laika, was built to collapse that chain. It is a compliance-automation platform and a licensed audit firm at the same time. The software collects the evidence, monitors the controls, and maps them across frameworks; the in-house, AICPA peer-reviewed CPA practice runs the actual audit. Crucially, the auditor is assigned on day one rather than parachuting in at the finish.
The result is a single workflow instead of a relay race. Companies using Thoropass have reported completing SOC 2 audits up to 60% faster than the traditional route. The company now supports more than 30 frameworks - SOC 2, ISO 27001, HIPAA, PCI DSS, HITRUST, GDPR, and ISO 42001 for AI governance - and lets teams cross-map evidence once, then reuse it across certifications instead of starting from zero each time.
That is the through-line from Laika to the name it wears today. "Thoropass" fuses "thorough" and "pass" - the two things every customer wants from an audit and rarely gets together.
"Fall in love with the pain point, not the product."
Startups and scale-ups that can't close enterprise deals until they can hand over a SOC 2 or ISO 27001 report. Compliance becomes a sales blocker before it becomes a security exercise.
Tool here, consultant there, auditor somewhere else - each redoing work and rejecting evidence. Annual audits turn into once-a-year fire drills instead of an ongoing capability.
Automated evidence collection, continuous monitoring, and an assigned auditor in a single system - so the certificate is a byproduct of good practice, not a scramble.
Thoropass serves hundreds of growing businesses, many in SaaS and healthcare-adjacent markets, with roughly 240 employees blending engineers and practicing auditors.
The core system that runs compliance and the audit in one place, with the assigned auditor available from the start.
Automated evidence collection, continuous control monitoring, real-time dashboards, and 100+ cloud and security integrations.
The in-house CPA practice - AICPA peer-reviewed, a PCI Qualified Security Assessor, and a HITRUST Accredited Assessor - that conducts audits directly.
Screens evidence for audit-readiness in seconds, cutting the manual QA loop and the evidence rejections that stall audits.
Takes messy exports from any GRC tool and transforms them into clean, audit-ready evidence.
Expert penetration testing, including customized testing for AI and LLM deployments to surface attack vectors.
Investors include Canapi Ventures (A), J.P. Morgan Growth Equity Partners (B), and Fin Capital with Centana Growth Partners (C). Estimated annual revenue: ~$60.4M.
The compliance-automation category is crowded - Vanta, Drata, Secureframe, and Sprinto all sell software that helps you monitor controls and prepare for an audit. But almost all of them stop at the software. The audit itself gets handed off to a separate firm.
Thoropass's differentiator is that it is the audit firm. Because it is a licensed, AICPA peer-reviewed CPA practice - plus a PCI QSA and HITRUST Accredited Assessor - the same company that provides the software can issue the report. That removes the handoff, the second sales cycle, and the mismatch between what the tool collected and what the auditor will accept.
Against the Big Four, the pitch flips: Thoropass offers the software-driven speed and evidence reuse that traditional audit shops don't. Against pure-software rivals, it offers the auditor. That two-sided position - software company and audit firm at once - is deliberately the one the market told it not to take.
Sam Li, Eva Pittas, and Austin Ogilvie write the first lines of code in June and raise a $3M seed round in September.
Raises $10M led by Canapi Ventures to build out compliance automation.
Secures $35M led by J.P. Morgan Growth Equity Partners.
Raises $50M led by Fin Capital with Centana Growth Partners - $98M total.
Laika becomes Thoropass in March, signaling an end-to-end, audit-included approach.
First Pass AI, GenAI DDQ, AI pentesting, and ISO 42001 support arrive; Laika Compliance becomes Thoropass Assurance.
Publishes findings that AI adoption is the top compliance risk and ships Smart Sort AI; Sam Li named an EY Entrepreneur Of The Year NY finalist.
"The AI tool Thoropass is a very helpful tool that provided us great clarity by identifying missing items early."