Torq Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.

Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.

Welcome to Torq's Security Trust Center. Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.

Use this portal to learn about our security posture and request full access to our security documentation.

Email us at security@torq.io if you have any additional questions not answered by this Portal.

Start your security review
View & download sensitive information
Ask for information
Armis-company-logoArmis
Lemonade-company-logoLemonade
Agoda-company-logoAgoda
Abnormal Security-company-logoAbnormal Security
SentinelOne-company-logoSentinelOne
Blackstone-company-logoBlackstone
HashiCorp-company-logoHashiCorp
ZoomInfo-company-logoZoomInfo
Riskified-company-logoRiskified
Fiverr-company-logoFiverr
ironSource-company-logoironSource
Chipotle Mexican Grill-company-logoChipotle Mexican Grill

Documents

Network Diagram

Knowledge Base

    Does your product support MFA
    Where is the physical location of Torq's cloud? (Which country/state/availability region are you running in?)
    For using your service , does customer have to modify DNS records?
    Does your organization enforce strong multi-factor authentication for all users - privileged and regular users, remote access and on-premise users
    Specify the antivirus software used on the workstations and servers, their versions, and the frequency of their update.
View more

Torq Trust Center Updates

Torq internal response to XZ Utils (CVE-2024-3094) Vulnerability

VulnerabilitiesCopy link

Torq conducted a thorough investigation of the recently identified vulnerability CVE-2024-3094 and we found no indication of exposure or risk.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC.

Published at N/A

SOC 2 + HIPAA for February 1, 2023, to January 31, 2024

ComplianceCopy link

Recent SOC 2 + HIPAA report is available for download

Published at N/A

Torq internal response to Leaky Vessels (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653)

VulnerabilitiesCopy link

Torq has conducted a thorough investigation of the four recently identified vulnerabilities (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652,CVE-2024-23653) dubbed "Leaky Vessels", and we have not found any indication of compromise.

Torq utilizes open-source, IaC, Container AppRisk, SAST and SCA tooling as part of our standard practices to detect vulnerabilities within its SDLC. During scan results, a CVE-2024-21626 RunC false positives results were detected. The runC library is indirectly included as part of the docker client that is added to specific Torq workloads. This is a false positive case as Torq do not use WORKDIR within its Dockerfile.

Torq is working, however, to update the indirect version to remove the false positives showing up on the scans.

Published at N/A

Sub processors changes

SubprocessorsCopy link

Torq has started engaging with LearnUpon for its Learning management platform (Replacing Eduflow). Torq has started engaging with Zendesk for its Customer support platform (Replacing Jira Service-Desk).

Published at N/A

Onboarding a new sub processor - WP Engine

SubprocessorsCopy link

Torq has started engaging with WP Engine (https://wpengine.com/) as hosting for its commercial website (torq.io). Additional information can be found in the Torq Sub-processor Due Diligence paper.

Published at N/A

SOC 2 + HIPAA for February 1, 2022, to January 31, 2023

ComplianceCopy link

Recent SOC 2 + HIPAA report is available

Published at N/A

Recent SOC 2 + HIPAA report is available

Published at N/A

Onboarding a new sub processor - Eduflow

SubprocessorsCopy link

Torq has started engaging with Eduflow (LMS). Additional information can be found in the Torq Sub-processor Due Diligence paper.

Published at N/A

Offboarding a sub processor - Zendesk

SubprocessorsCopy link

Torq is no longer using Zendesk. All offboarding steps were taken and completed.

Published at N/A

Recent CircleCI and Lastpass breaches

IncidentsCopy link

Torq is actively evaluating the impact of recent breaches of LastPass and CircleCI on our operations and wanted to provide our customers and prospects an update on what we are doing to assess any potential impact on Torq or our customers.

LastPass

Torq does not use LastPass. We use another industry-leading password manager.

CircleCI

Torq is a CircleCI customer, and this breach could impact any CircleCI customer, including Torq.

By the time we were notified of the CircleCI breach (Jan 4th), we'd enrolled our incident response plan to measure and investigate any potential impact. This included an immediate secrets and credentials rotation, logs investigation, and a few teams efforts.

read here how we utilized our own tool for that.

After a few hours of challenging and accurate work, we closed the incident after making sure there weren't any risks left on Torq.

Torq is continuously monitoring and following closely on industry incidents.

Questions? security@torq.io

Published at N/A

Offboarding a sub processor - Hootsuite

GeneralCopy link

Torq is no longer using Hootsuite. All offboarding steps were taken and completed.

Published at N/A

Torq response to OpenSSL 3 Vulnerability

IncidentsCopy link

After reviewing our infrastructure and SBOM, torq has determined that we are not currently vulnerable to OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 which were disclosed on November 1, 2022.

Published at N/A

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo