Onboarding a new sub processor - Eduflow

Torq Trust Center

Get access to this Torq Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.

Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.

Welcome to Torq's Security Trust Center. Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.

Use this portal to learn about our security posture and request full access to our security documentation.

Email us at security@torq.io if you have any additional questions not answered by this Portal.

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
SOC 2 Logo
SOC 2
Get access to this Torq Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Documents

Network Diagram
Other Reports
Pentest Report
ISO 27001
SOC 2
CAIQ
Cyber Insurance
Service-Level Agreement
Subprocessors
Encryption Policy
General Incident Response Policy
Information Security Policy
Other Policies
Password Policy
Software Development Lifecycle
Vulnerability Management Policy
BC/DR

Risk Profile

Data Access LevelInternal
Recovery Time Objective< 12 Hours
Recovery Point Objective24-48 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Diagram
Other Reports
Pentest Report
See more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
Google Cloud Platform
See more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
See more

Network Security

Firewall
Spoofing Protection
Virtual Private Cloud
See more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
See more

Policies

Encryption Policy
General Incident Response Policy
Information Security Policy
See more

Security Grades

Qualys SSL Labs
Commercial website
A
Torq application
A+

Trust Center Updates

Onboarding a new sub processor - Eduflow

Subprocessors

Torq has started engaging with Eduflow (LMS). Additional information can be found in the Torq Sub-processor Due Diligence paper.

Published at N/A

Offboarding a sub processor - Zendesk

Subprocessors

Torq is no longer using Zendesk. All offboarding steps were taken and completed.

Published at N/A

Recent CircleCI and Lastpass breaches

Incidents

Torq is actively evaluating the impact of recent breaches of LastPass and CircleCI on our operations and wanted to provide our customers and prospects an update on what we are doing to assess any potential impact on Torq or our customers.

LastPass

Torq does not use LastPass. We use another industry-leading password manager.

CircleCI

Torq is a CircleCI customer, and this breach could impact any CircleCI customer, including Torq.

By the time we were notified of the CircleCI breach (Jan 4th), we'd enrolled our incident response plan to measure and investigate any potential impact. This included an immediate secrets and credentials rotation, logs investigation, and a few teams efforts.

read here how we utilized our own tool for that.

After a few hours of challenging and accurate work, we closed the incident after making sure there weren't any risks left on Torq.

Torq is continuously monitoring and following closely on industry incidents.

Questions? security@torq.io

Published at N/A

Offboarding a sub processor - Hootsuite

General

Torq is no longer using Hootsuite. All offboarding steps were taken and completed.

Published at N/A

Torq response to OpenSSL 3 Vulnerability

Incidents

After reviewing our infrastructure and SBOM, torq has determined that we are not currently vulnerable to OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 which were disclosed on November 1, 2022.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.