
Funding
$98.00M
2025
Product
Thoropass (formerly Laika) was founded in 2019 by Sam Li, Eva Pittas, and Austin Ogilvie, writing their first lines of code in June of that year.
The company found product-market fit as a compliance automation platform for small, digital-native companies with modern tech stacks that needed to achieve SOC 2 certification to sell to enterprise customers. Within a year of launch, they had moved from completely founder-led sales to almost none, demonstrating strong market validation.
The product combines software automation with human expertise to streamline the SOC 2 compliance process. Companies connect their existing SaaS tools and cloud providers to Thoropass's platform, which automatically collects and validates evidence needed for compliance certification. The platform continuously monitors these integrations to ensure ongoing compliance.
A key differentiator is Thoropass's integrated audit experience, where auditors use the company's software as their core tool, connected directly to the company-facing platform. This creates a closed loop between companies seeking certification and the auditors reviewing their compliance, significantly reducing the time to achieve certification from over a year to just weeks.
The platform has since expanded beyond SOC 2 to support multiple compliance frameworks including ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA, using the same core infrastructure to collect and validate evidence across different standards.
Business Model
Thoropass is a compliance automation and audit platform that combines SaaS software with in-house expert services to help B2B companies achieve and maintain security certifications like SOC 2, ISO 27001, and HIPAA. The company operates on a yearly subscription model based on company size and number of certifications required, replacing the traditional one-off audit model that cost $50,000-$100,000 per engagement.
The platform integrates with customers' SaaS tools and cloud providers to automate evidence collection and monitoring, reducing audit completion time from over a year to just weeks. Thoropass differentiates itself from pure software competitors by providing in-house compliance experts and auditors who guide customers through the certification process, positioning itself as a full-service partner rather than just a tool provider.
Thoropass employs a land-and-expand strategy by first helping customers achieve initial SOC 2 certification, then cross-selling additional framework certifications like HIPAA or ISO 27001 using the same underlying data and integrations. The company claims to eliminate 80% of compliance and audit overhead through its tech-enabled approach, while maintaining continuous monitoring that supports annual re-certifications and real-time visibility into security practices.
Competition
Thoropass (formerly Laika) operates in the compliance automation and audit market, which has seen significant investment and competition as B2B SaaS companies seek enterprise-ready compliance solutions.
Integrated compliance platforms
The primary competition comes from Vanta and Secureframe, which similarly offer compliance automation platforms targeting B2B SaaS companies. These companies focus on streamlining SOC 2 certification processes through software automation and integrations with cloud providers and SaaS tools.
Traditional audit firms
Legacy audit firms represent the traditional approach to compliance, typically charging $50,000-$100,000 for SOC 2 audits that can take over a year to complete. These firms rely heavily on manual processes and lack the efficiency gains from modern software tooling.
Tech-enabled audit providers
Thoropass has positioned itself uniquely by combining compliance automation software with in-house audit capabilities, conducting over 1,000 annual assessments. This integrated approach differs from pure software players like Vanta and traditional audit firms.
The market remains in "land-grab mode" with competitors spending heavily on customer acquisition through paid advertising and direct sales. While the initial focus was on SOC 2, providers are expanding into additional frameworks like ISO 27001, HIPAA, and GDPR to capture more enterprise value.
TAM Expansion
Thoropass has tailwinds from the increasing enterprise demand for compliance automation and has the opportunity to grow and expand into adjacent markets beyond its current compliance focus.
Enterprise compliance automation
The traditional compliance market is undergoing rapid transformation as enterprises seek to reduce the $50,000-$100,000 cost and year-plus timeframe of manual SOC 2 audits. Thoropass's platform claims to eliminate 80% of compliance overhead, suggesting significant market penetration potential as more companies adopt automated solutions.
Expansion into cybersecurity services
Thoropass's extensive integrations with SaaS tools and cloud providers position it to expand beyond compliance into broader cybersecurity services. The company's AI capabilities and existing security monitoring infrastructure could be leveraged to offer threat detection, vulnerability management, and security operations services.
Data management and governance
The company's compliance data collection and management capabilities create natural expansion opportunities into data governance and privacy management. As regulations like GDPR and CCPA evolve, Thoropass could expand its platform to provide comprehensive data lifecycle management, privacy compliance automation, and third-party risk management solutions.
Enterprise security platform
With its growing user base of 100,000+ users and 1,000+ annual assessments, Thoropass has the foundation to evolve into a comprehensive enterprise security platform. The company's integrated audit firm model provides unique insights into security requirements across industries, enabling development of industry-specific security solutions and risk management tools.
Risks
Auditor independence tension: The dual role of providing both compliance software and audit services creates potential conflicts of interest. While positioning as an end-to-end solution is attractive, this hybrid model could face increased regulatory scrutiny or market skepticism. The company may need to maintain strict operational separation between its software and audit divisions to maintain credibility.
High-touch service scalability: Thoropass's differentiation through human expertise and personalized support could limit growth potential. The reliance on in-house compliance experts and auditors means the business may not achieve pure SaaS margins. As the company grows, maintaining service quality while scaling the human component will be challenging.
DISCLAIMERS
This report is for information purposes only and is not to be used or considered as an offer or the solicitation of an offer to sell or to buy or subscribe for securities or other financial instruments. Nothing in this report constitutes investment, legal, accounting or tax advice or a representation that any investment or strategy is suitable or appropriate to your individual circumstances or otherwise constitutes a personal trade recommendation to you.
This research report has been prepared solely by Sacra and should not be considered a product of any person or entity that makes such report available, if any.
Information and opinions presented in the sections of the report were obtained or derived from sources Sacra believes are reliable, but Sacra makes no representation as to their accuracy or completeness. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this report reflect a determination at its original date of publication by Sacra and are subject to change without notice.
Sacra accepts no liability for loss arising from the use of the material presented in this report, except that this exclusion of liability does not apply to the extent that liability arises under specific statutes or regulations applicable to Sacra. Sacra may have issued, and may in the future issue, other reports that are inconsistent with, and reach different conclusions from, the information presented in this report. Those reports reflect different assumptions, views and analytical methods of the analysts who prepared them and Sacra is under no obligation to ensure that such other reports are brought to the attention of any recipient of this report.
All rights reserved. All material presented in this report, unless specifically indicated otherwise is under copyright to Sacra. Sacra reserves any and all intellectual property rights in the report. All trademarks, service marks and logos used in this report are trademarks or service marks or registered trademarks or service marks of Sacra. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any report is strictly prohibited. None of the material, nor its content, nor any copy of it, may be altered in any way, transmitted to, copied or distributed to any other party, without the prior express written permission of Sacra. Any unauthorized duplication, redistribution or disclosure of this report will result in prosecution.