Thoropass human-in-the-loop margins

The reliance on in-house compliance experts and auditors means the business may not achieve pure SaaS margins.

Thoropass is building a tech-enabled services business, not a software business with a thin support layer. The product works because companies still need people to interpret controls, prepare for audits, answer edge-case questions, and complete the final audit step. That human layer makes the product more valuable and easier to buy, but it also keeps the cost of delivery tied more closely to headcount than a pure self-serve compliance tool.

  • The workflow itself explains the margin profile. Customers connect AWS, GitHub, Google Workspace, HR systems, and ticketing tools, then the platform collects evidence and flags gaps, but policy setup, auditor review, and framework interpretation still require trained compliance staff and auditors.
  • Thoropass has leaned further into this model than pure software peers. It positions around in-house experts and auditors, and has conducted over 1,000 annual assessments, while Vanta and Secureframe are framed more as automation platforms that make external auditors more efficient.
  • That tradeoff can still produce a strong business. The old SOC 2 process could cost $50,000 to $100,000 and take more than a year, so a faster subscription product with integrated human help can win on total customer value even if gross margins settle below classic SaaS levels.

The path forward is to keep using expert work as training data for productization. As Thoropass expands across ISO 27001, HIPAA, PCI DSS, and adjacent security workflows, the winners will be the companies that turn repeated human judgment into software faster, while keeping enough expert coverage to preserve audit quality and customer trust.