Torq Trust Center

Start your security review

View & download sensitive information

Ask for information

Search items

Overview

At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.

Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.

Welcome to Torq's Security Trust Center. Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.

Use this portal to learn about our security posture and request full access to our security documentation.

Email us at security@torq.io if you have any additional questions not answered by this Portal.

Compliance

Torq is reviewed and trusted by

Armis

Lemonade

Agoda

Abnormal Security

SentinelOne

Blackstone

HashiCorp

ZoomInfo

Riskified

Fiverr

Unity中国

Chipotle Mexican Grill

Documents

REPORTSNetwork Diagram

REPORTSPentest Report

DATA SECURITYData Classification

DATA SECURITYData Retrieval and Deletion Request Process

APP SECURITYSDLC Policy

LEGALCyber Insurance

LEGALService-Level Agreement

AIAI Security

Risk Profile

Data Access LevelInternal

Recovery Time Objective1 hour

Recovery Point Objective24 hours

Product Security

Audit Logging

Data Security

Integrations

Reports

Network Diagram

Other Reports

Pentest Report

Self-Assessments

CAIQ

Data Security

Access Monitoring

Data Backups

Data Classification

App Security

Responsible Disclosure

Code Analysis

Credential Management

AI

AI Governance

AI Monitoring

AI Risk Management

ESG

Anti-Bribery and Corruption

Legal

Subprocessors

Acceptable Use Policy

Cyber Insurance

Data Privacy

Data Breach Notifications

Employee Privacy Training

Access Control

Data Access

Logging

Password Security

Infrastructure

Status Monitoring

Anti-DDoS

BC/DR

Endpoint Security

Disk Encryption

DNS Filtering

Endpoint Detection & Response

Network Security

Firewall

Security Information and Event Management

Spoofing Protection

Corporate Security

Asset Management Practices

Email Protection

Employee Training

Policies

Backup Policy

Change management policy

Encryption Policy

Security Grades

Incident Response

Designated Response Personnel

Incident Reporting Process

Pager Service

Risk Management

Data Access/Impact Levels

Risk Assessments

Supply Chain Risk Management

Asset Management

Asset Classification

Asset Inventories (Hardware/Software)

Asset Tracking

BC/DR

Alternate Processing/Storage Site

Business Continuity Plan (BCP)

Contingency Plan Testing/Lessons Learned

Training

Employee Privacy Training

Phishing Training

Role-Based Training

Change Management

Change Management Program

Change Restrictions

Changes Notification & Verification

Knowledge Base (FAQ)

Does your product support MFA

Torq does not engage subcontractors to provide technical support to our customers?

Describe your anti-bribery and corruption policies and any measures in place to ensure compliance with the Foreign Corrupt Practices Act (FCPA) or similar legislation

How long the data is retained?

Where is the physical location of Torq's cloud? (Which country/state/availability region are you running in?)

Torq Trust Center Updates

Torq internal response to XZ Utils (CVE-2024-3094) Vulnerability

VulnerabilitiesCopy link

Torq conducted a thorough investigation of the recently identified vulnerability CVE-2024-3094 and we found no indication of exposure or risk.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC.

Published at N/A

SOC 2 + HIPAA for February 1, 2023, to January 31, 2024

ComplianceCopy link

Recent SOC 2 + HIPAA report is available for download

Published at N/A

Torq internal response to Leaky Vessels (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653)

VulnerabilitiesCopy link

Torq has conducted a thorough investigation of the four recently identified vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652,CVE-2024-23653) dubbed "Leaky Vessels", and we have not found any indication of compromise.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC. During scan results, a CVE-2024-21626 RunC false positives results were detected. The runC library is indirectly included as part of the docker client that is added to specific Torq workloads. This is a false positive case as Torq do not use WORKDIR within its Dockerfile.

Torq is working, however, to update the indirect version to remove the false positives showing up on the scans.

Published at N/A

Sub processors changes

SubprocessorsCopy link

Torq has started engaging with LearnUpon for its Learning management platform (Replacing Eduflow). Torq has started engaging with Zendesk for its Customer support platform (Replacing Jira Service-Desk).

Published at N/A

Onboarding a new sub processor - WP Engine

SubprocessorsCopy link

Torq has started engaging with WP Engine (https://wpengine.com/) as hosting for its commercial website (torq.io). Additional information can be found in the Torq Sub-processor Due Diligence paper.

Published at N/A

If you need help using this Torq Trust Center, please contact us.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Report Issue