Kalpesh Thombre

Kalpesh Thombre is the Founder & CEO of AuditPath, a compliance automation platform that helps B2B software companies achieve SOC 2 Type II, ISO 27001, and DPDP Act certification without the 12-month spreadsheet nightmare.

Before founding AuditPath, Kalpesh spent years building and securing cloud-native products at B2B SaaS companies in India. He saw the same problem repeatedly: compliance was blocking enterprise deals, the existing tools were priced for Fortune 500 companies, and the only playbook available was “hire a consultant and spend nine months gathering screenshots”.

AuditPath was built to change that. By connecting directly to AWS via a read-only cross-account IAM role and automatically mapping cloud configuration evidence to the AICPA Trust Service Criteria, AuditPath compresses the preparation phase from months to weeks — with a free plan that requires no credit card.

Kalpesh writes about practical compliance strategy for software companies — what auditors actually look for, how to prepare for SOC 2 without burning your engineering team, and how India's DPDP Act 2023 changes the compliance landscape for Indian SaaS companies.

Areas of expertise

• SOC 2 Type I & Type II — Trust Service Criteria, evidence strategy, auditor readiness
• ISO 27001:2022 — ISMS implementation, Annex A controls, certification preparation
• DPDP Act 2023 — India data protection obligations, consent frameworks, breach notification
• AWS cloud security — IAM, CloudTrail, VPC, S3, RDS security controls
• Compliance automation — evidence collection pipelines, control mapping, gap analysis
• B2B SaaS — enterprise sales, security questionnaire strategy, trust-building at scale

Writing

Kalpesh authors all compliance guides on the AuditPath blog:

• What Is SOC 2 Type 2? The Complete Guide for Software Companies
• SOC 2 vs ISO 27001: Key Differences & How to Choose
• DPDP Act 2023 Explained: India's New Data Protection Law