Security and Compliance

SOC 2 Type II Compliant

Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times
SOC 2 Type 2 compliance covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy
Compliance reports produced periodically by external auditors are available upon request

HIPAA Compliant

Torq’s infrastructure and operations is being externally and internally audited and was found compliant with the privacy management requirements of the Health Insurance Portability and Accountability Act
When engaging with HIPAA covered entities, while Torq never requires access to PHI, we are happy to provide and sign a HIPAA Business Associate Agreement (BAA) to assure the highest level of care for information that is being provided to us

GDPR Compliant

Torq’s information handling procedures and privacy operations are compliant with with EU General Data Protection Regulations (GDPR)
Torq performs strict due-diligence with its subcontractors and can provide an up-to-date Data Processing Addendum (DPA) for counter signing
Our GDPR-compliant and HIPAA-compliant operations model identifies, segregates and encrypts customer data at each stage of the data funnel
All privacy-related requests should be addressed to [email protected]

Enterprise-Grade Security Service

Enterprise Single SignOn: Torq integrates with leading Enterprise Single Sign-On and Multi-Factor Authentication providers, such as, but not limited to Microsoft Azure AD, Okta, OneLogin, Ping Identity, Google Identity, Duo Security and more.
Role-Based Access Control: Our granular Role-based Access Control (RBAC) allows managing permissions inside the automation and orchestration environments on a least-privilege basis, ensuring operational processes that adhere to industry standards in terms of security and privacy.
Secure Immutable Infrastructure: The Torq service is operated with immutable cloud-based compute components that are continuously aligned to the latest and most secure releases of relevant software packages.
Zero Trust Access to Distributed Environments: Torq is leveraging a Zero Trust approach for orchestrating processes taking place in distributed environments, allowing organizations to adopt very strict security requirements while running efficient operations.

Complete Accountability and Transparency

The technical and operations teams at Torq firmly believe in making sure that multiple layers of security awareness exist throughout our software development cycle.

Network and Access Security

Torq solution architecture is built on network isolation of production environments and Zero Trust access with least privileges principle for all services and operators. All activity is being audited and historical records are maintained.

Datacenter Security

Torq relies on leading infrastructure providers, such as GCP and AWS for the hosting of its application infrastructure. GCP and AWS data centers are subject to very strict physical access control and industrial compliance standards.

Application Security

Our engineering organization has adopted an uncompromising security-first methodology. Beginning with introducing application security reviews on all design and development stages, and following through with executing security tests as a part of CI/CD pipeline.

External Audits & Tests

Our platform and infrastructure are periodically audited and tested to ensure the highest levels of security. Penetration test reports from industry-leading application and infrastructure security specialists are available upon request.

Contact the Torq Security Team

You can contact Torq about privacy or security-related matters at the following email addresses:

Privacy: [email protected]

Security: [email protected]