DOCUMENTATION HUB·LEVEL_2

Social Media Guidelines — Ironframe GRC

REF_PATH: marketing/social-media-guidelinesSOURCE: APP_DOCUMENTS_DB

Social Media Guidelines — Ironframe GRC

Purpose

Consistent, compliant public voice for LinkedIn, X, and technical communities.

Voice and tone

AttributeDoDon't
AuthorityCite TAS, release evidence, test gatesVague “AI-powered magic”
PrecisionBigInt cents, named agents, physical ESG unitsHeatmap clichés without contrast
ConfidenceControl-first, audit-readyFear-mongering without remediation path
TransparencyGA gaps and roadmap when askedOverclaim WORM/DEI before shipped

Brand terms (use consistently)

  • Ironframe — product name
  • Command Center — primary UI (capitalize)
  • Agents — Ironcore, Irontrust, Ironwatch, etc. (capitalize proper names)
  • ALE — spell out once per post: Annualized Loss Expectancy

Hashtags (suggested)

#GRC #CyberRisk #RiskQuantification #ESG #ZeroTrust #SOC2 #CISO

Use 3–5 max per post; avoid hashtag stuffing.

Content types

  1. Agent spotlight — one agent, one legacy failure solved
  2. Proof post — integration suite, release SHA, screenshot (no customer data)
  3. Educational — ALE, Irongate, tenant isolation in plain language
  4. Event — webinar/live demo announcements

Compliance rules

  • No customer names or tenant UUIDs without written approval
  • No screenshots with real PII or production secrets
  • Label simulations: “Staging / shadow plane demo”
  • Do not claim SOC 2 certified unless org holds current report—say “SOC 2 aligned controls” instead

Crisis / incident posting

  • Only Communications + Security approve posts during active incidents
  • No speculating on breach scope on social channels

Approval workflow

  1. Draft → Product/Eng fact-check
  2. Marketing edit → Legal if regulated claim
  3. Schedule via content calendar

Related documents