Nine months after acquiring compliance specialist Abacode, managed IT provider Thrive has folded the business into a GRC portfolio designed to help regulated organisations run compliance as an ongoing program rather than an audit sprint.
The new Abacode Compliance Services sits within Thrive's broader cybersecurity stack — which includes 24/7 monitoring, a US-based security operations centre, and dedicated incident response — and extends it into governance and regulatory work. Supported frameworks span CMMC Level 2, PCI-DSS, HIPAA, TISAX, SOC 2, ISO 27001 and the newer ISO 42001 for AI management systems, among others.
The service runs through five phases: a baseline assessment of the current environment, policy development and roadmap creation, ongoing monitoring and documentation management, audit preparation support, and a central compliance portal with task automation, evidence tracking, and real-time status visibility. The last of those pulls compliance and security dashboards into a single view alongside Thrive's existing client portal.
The underlying rationale is a familiar one in enterprise compliance circles: Gartner data suggests only 37% of executives are confident they can track their organisation's compliance program effectiveness. Thrive is betting that a continuous, outsourced model performs better than the audit-focused point-in-time assessments most mid-market organisations rely on.
Thrive primarily serves small and mid-market organisations, positioning Abacode Compliance Services at companies that need framework expertise but lack the internal headcount to sustain it year-round.
