Torq Security and Compliance
Built and operated by enterprise cyber security professionals, Torq complies with the industry leading security, privacy and reliability standards and practices.
SOC 2 Type II Compliant
- Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times
- SOC 2 Type 2 compliance covers the AICPA’s Trust Services Principles and Criteria for Security, Availability, Confidentiality, and Privacy
- Compliance reports produced periodically by external auditors are available upon request
HIPAA Compliant
- Torq’s infrastructure and operations is being externally and internally audited and was found compliant with the privacy management requirements of the Health Insurance Portability and Accountability Act
- When engaging with HIPAA covered entities, while Torq never requires access to PHI, we are happy to provide and sign a HIPAA Business Associate Agreement (BAA) to assure the highest level of care for information that is being provided to us
GDPR Compliant
- Torq’s information handling procedures and privacy operations are compliant with with EU General Data Protection Regulations (GDPR)
- Torq performs strict due-diligence with its subcontractors and can provide an up-to-date Data Processing Addendum (DPA) for counter signing
- Our GDPR-compliant and HIPAA-compliant operations model identifies, segregates and encrypts customer data at each stage of the data funnel
- All privacy-related requests should be addressed to [email protected]
Enterprise-Grade Security Service
- Enterprise Single SignOn: Torq integrates with leading Enterprise Single Sign-On and Multi-Factor Authentication providers, such as, but not limited to Microsoft Azure AD, Okta, OneLogin, Ping Identity, Google Identity, Duo Security and more.
- Role-Based Access Control: Our granular Role-based Access Control (RBAC) allows managing permissions inside the automation and orchestration environments on a least-privilege basis, ensuring operational processes that adhere to industry standards in terms of security and privacy.
- Secure Immutable Infrastructure: The Torq service is operated with immutable cloud-based compute components that are continuously aligned to the latest and most secure releases of relevant software packages.
- Zero Trust Access to Distributed Environments: Torq is leveraging a Zero Trust approach for orchestrating processes taking place in distributed environments, allowing organizations to adopt very strict security requirements while running efficient operations.