Overview Framework Documents Status Request Access
All systems operational · NIST CSF 2.0 Aligned

Security you can verify, not just trust.

Torchsec Technologies aligns every part of our managed security operation to NIST CSF 2.0 — to protect client data, manage risk, and maintain operational resilience. This is our posture, in the open.

🛡️
NIST CSF 2.0 Aligned
Self-attested · Reviewed continuously
Detection
24/7/365 SOC
Data at rest
AES-256
Data in transit
TLS 1.3
Access
MFA · PoLP
Least-privilege access everywhere 24/7/365 monitoring & response Encrypted in transit & at rest Immutable, air-gapped backups EDR/XDR on every endpoint
The Framework

Our posture, mapped to the six functions of NIST CSF 2.0.

Rather than a wall of disconnected policies, our program is organized so a CISO or compliance officer can audit our posture at a glance — function by function.

🏛️
GV

Govern

Context · Strategy · Roles
  • Corporate Security Governance policy framework with defined ownership and accountability.
  • Regular security-awareness training, executive leadership oversight, and continuous compliance reviews.
  • SaaS & AI governance — AI Acceptable-Use policies and runtime monitoring safeguards for agentic tooling.
🔍
ID

Identify

Assets · Risk · Improvement
  • Continuous asset discovery across internal endpoints, cloud workloads, and client-facing infrastructure.
  • A defined vulnerability-management lifecycle — findings prioritized, scored, and scheduled for remediation.
  • Structured third-party vendor risk management and sub-processor oversight.
🛡️
PR

Protect

Data · Identity · Platform
  • Access controls — enforced MFA, SSO, and the Principle of Least Privilege.
  • Data protection — AES-256 for data-at-rest, TLS 1.3 for data-in-transit.
  • Endpoint security — EDR/XDR architecture that stops fileless and script-based execution.
📡
DE

Detect

Monitoring · Analysis
  • 24/7/365 SOC — continuous logging, monitoring, and behavioral analysis.
  • Broad telemetry ingestion across endpoint, cloud, network, and API layers, aggregated and correlated in a SIEM.
  • Anomaly detection tuned to surface early indicators of compromise.
🚨
RS

Respond

Incident Management
  • A documented Incident Response plan with defined severity tiers and ownership.
  • Practiced containment strategies to limit blast radius quickly.
  • Clear communication protocols for affected clients and stakeholders.
♻️
RC

Recover

Resilience · Continuity
  • A BCDR framework with defined backup frequencies and recovery time objectives (RTOs).
  • Air-gapped, immutable storage protecting recovery points from tampering.
  • Post-incident review that feeds lessons learned back into Govern & Identify.
Resource & Document Library

Artifacts for your security review.

Public artifacts are available immediately. Restricted artifacts contain sensitive detail and are released to qualified prospects under NDA — request access and our team will respond promptly.

Artifact
Document Type
Access Level
NIST CSF 2.0 Shared Responsibility MatrixWho owns what across the Torchsec-managed stack
PDF Guide
Public
Privacy Policy & Data Processing Addendum (DPA)How we collect, process, and protect data
Legal Document
Public
Executive Summary — Annual Third-Party Penetration TestIndependent testing results, sanitized
PDF Summary
Restricted · NDA
Full NIST CSF 2.0 Self-Assessment MappingControl-by-control posture across all six functions
Spreadsheet / Report
Restricted · NDA
Incident Response Plan (Sanitized)Containment, escalation, and communication procedures
Standard Operating Procedure
Restricted · NDA
SOC 2 Type II Audit ReportIndependent attestation — on our compliance roadmap
Full Compliance Audit
Roadmap · In Progress
Real-Time Posture

Live operational health & change history.

A Trust Center should reflect reality, not a snapshot. Here's the current status of our client-facing platforms and a running log of posture changes.

System Status Live

Singular — MSP Platform
singular.torchsec.com
Operational
Document Suite
suite.torchsec.com
Operational
Client Support Portal
torchsec.itclientportal.com
Operational
Corporate Website
torchsec.com
Operational
Checking status…

Compliance Change Log

  • Jul 2026
    Trust Center publishedPublic posture mapped to NIST CSF 2.0, with an NDA artifact-request workflow.
  • Jun 2026
    Full NIST CSF 2.0 self-assessment completedControl-by-control review across all six functions; remediation items scheduled.
  • Q2 2026
    AI Acceptable-Use policy adoptedGovernance and runtime-monitoring safeguards for agentic/SaaS tooling.
  • In progress
    SOC 2 Type II readinessRoadmapped for independent attestation. Subscribe to be notified on completion.
🔔 Subscribe to updates
Secure Document Access

Need our full compliance package?

Procurement teams and security reviewers can request our restricted artifacts under NDA, or subscribe to be notified whenever we publish a new audit or update a policy — keeping you current through the deal cycle.