Torq Trust Center
At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.
Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.
Welcome to Torq's Security Trust Center.
Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.
Use this portal to learn about our security posture and request full access to our security documentation.
Email us at security@torq.io if you have any additional questions not answered by this Portal.
Inditex
ICL Group
Orca Security
Hard Rock Cafe
Fiserv
Deepwatch
Carvana
Wiz
Telefónica
Agoda
Abnormal Security
Check Point Software
Blackstone
PepsiCo
HashiCorp
Riskified
Fiverr
Chipotle Mexican GrillDocuments
- What type and how granular are the Logs we would have access to in order to identify abuse or anti-patterns
- Explain application permissions and roles
- What types of data does Socrates store and process?
- Describe Torq's keys management policy/procedure, key rotation and keys expiration
- What security measures does Torq implement for its AI capabilities, including, but not limited to HyperAgents and Socrates.
Torq internal response to XZ Utils (CVE-2024-3094) Vulnerability
Torq conducted a thorough investigation of the recently identified vulnerability CVE-2024-3094 and we found no indication of exposure or risk.
Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC.
SOC 2 + HIPAA for February 1, 2023, to January 31, 2024
Recent SOC 2 + HIPAA report is available for download
Torq internal response to Leaky Vessels (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653)
Torq has conducted a thorough investigation of the four recently identified vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652,CVE-2024-23653) dubbed "Leaky Vessels", and we have not found any indication of compromise.
Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC.
During scan results, a CVE-2024-21626 RunC false positives results were detected.
The runC library is indirectly included as part of the docker client that is added to specific Torq workloads.
This is a false positive case as Torq do not use WORKDIR within its Dockerfile.
Torq is working, however, to update the indirect version to remove the false positives showing up on the scans.
Sub processors changes
Torq has started engaging with LearnUpon for its Learning management platform (Replacing Eduflow).
Torq has started engaging with Zendesk for its Customer support platform (Replacing Jira Service-Desk).
Onboarding a new sub processor - WP Engine
Torq has started engaging with WP Engine (https://wpengine.com/) as hosting for its commercial website (torq.io). Additional information can be found in the Torq Sub-processor Due Diligence paper.