Torq Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.

Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.

Welcome to Torq's Security Trust Center. Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.

Use this portal to learn about our security posture and request full access to our security documentation.

Email us at security@torq.io if you have any additional questions not answered by this Portal.

Compliance

CCPA Logo
CCPA
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
SOC 2 Logo
SOC 2

Torq is reviewed and trusted by

Inditex-company-logoInditex
ICL Group-company-logoICL Group
Orca Security-company-logoOrca Security
Hard Rock Cafe-company-logoHard Rock Cafe
Fiserv-company-logoFiserv
Deepwatch-company-logoDeepwatch
Carvana-company-logoCarvana
Wiz-company-logoWiz
Telefónica-company-logoTelefónica
Agoda-company-logoAgoda
Abnormal Security-company-logoAbnormal Security
Check Point Software-company-logoCheck Point Software
Blackstone-company-logoBlackstone
HashiCorp-company-logoHashiCorp
Riskified-company-logoRiskified
Fiverr-company-logoFiverr
Optiv-company-logoOptiv
Chipotle Mexican Grill-company-logoChipotle Mexican Grill

Documents

REPORTSNetwork Diagram
REPORTSPentest Report
COMPLIANCEGDPR
COMPLIANCEISO 27001
COMPLIANCESOC 2
SELF-ASSESSMENTSCAIQ
DATA SECURITYData Classification
DATA SECURITYData Retrieval and Deletion Request Process
APP SECURITYSDLC Policy
LEGALCyber Insurance
LEGALService-Level Agreement
AIAI Security

Risk Profile

Data Access LevelInternal
Recovery Time Objective1 hour
Recovery Point Objective24 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Network Diagram
Other Reports
Pentest Report
View more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Data Backups
Data Classification
View more

App Security

Responsible Disclosure
Code Analysis
Credential Management
View more

AI

AI Governance
AI Monitoring
AI Risk Management
View more

ESG

Anti-Bribery and Corruption

Legal

Subprocessors
Acceptable Use Policy
Cyber Insurance
View more

Data Privacy

Cookies
Data Breach Notifications
Employee Privacy Training

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Anti-DDoS
BC/DR
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Firewall
Security Information and Event Management
Spoofing Protection
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Availability Procedures Policy
Backup Policy
Change management policy
View more

Security Grades

Qualys SSL Labs
Commercial website
A
Torq application
A+

Incident Response

Designated Response Personnel
Incident Reporting Process
Pager Service

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking
View more

BC/DR

Alternate Processing/Storage Site
Business Continuity Plan (BCP)
Contingency Plan Testing/Lessons Learned
View more

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more

Change Management

Change Management Program
Change Restrictions
Changes Notification & Verification
View more
Knowledge Base (FAQ)
    How data is transmitted to Torq by the customer
    How is a Customer data segregated from other customer data?
    Please elaborate on your Physical Access Policies/Procedures?
    Torq does not engage subcontractors to provide technical support to our customers?
    What are your RTO and RPO for the service used?
View more
Torq Trust Center Updates

Torq internal response to XZ Utils (CVE-2024-3094) Vulnerability

Copy link
Vulnerabilities
March 31, 2024

Torq conducted a thorough investigation of the recently identified vulnerability CVE-2024-3094 and we found no indication of exposure or risk.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC.

SOC 2 + HIPAA for February 1, 2023, to January 31, 2024

Copy link
Compliance
March 5, 2024

Recent SOC 2 + HIPAA report is available for download

Torq internal response to Leaky Vessels (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653)

Copy link
Vulnerabilities
February 10, 2024

Torq has conducted a thorough investigation of the four recently identified vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652,CVE-2024-23653) dubbed "Leaky Vessels", and we have not found any indication of compromise.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC. During scan results, a CVE-2024-21626 RunC false positives results were detected. The runC library is indirectly included as part of the docker client that is added to specific Torq workloads. This is a false positive case as Torq do not use WORKDIR within its Dockerfile.

Torq is working, however, to update the indirect version to remove the false positives showing up on the scans.

Sub processors changes

Copy link
Subprocessors
January 8, 2024

Torq has started engaging with LearnUpon for its Learning management platform (Replacing Eduflow). Torq has started engaging with Zendesk for its Customer support platform (Replacing Jira Service-Desk).

Onboarding a new sub processor - WP Engine

Copy link
Subprocessors
May 3, 2023

Torq has started engaging with WP Engine (https://wpengine.com/) as hosting for its commercial website (torq.io). Additional information can be found in the Torq Sub-processor Due Diligence paper.

If you need help using this Torq Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo