Social Media Guidelines — Ironframe GRC
Purpose
Consistent, compliant public voice for LinkedIn, X, and technical communities.
Voice and tone
| Attribute | Do | Don't |
|---|---|---|
| Authority | Cite TAS, release evidence, test gates | Vague “AI-powered magic” |
| Precision | BigInt cents, named agents, physical ESG units | Heatmap clichés without contrast |
| Confidence | Control-first, audit-ready | Fear-mongering without remediation path |
| Transparency | GA gaps and roadmap when asked | Overclaim WORM/DEI before shipped |
Brand terms (use consistently)
- Ironframe — product name
- Command Center — primary UI (capitalize)
- Agents — Ironcore, Irontrust, Ironwatch, etc. (capitalize proper names)
- ALE — spell out once per post: Annualized Loss Expectancy
Hashtags (suggested)
#GRC #CyberRisk #RiskQuantification #ESG #ZeroTrust #SOC2 #CISO
Use 3–5 max per post; avoid hashtag stuffing.
Content types
- Agent spotlight — one agent, one legacy failure solved
- Proof post — integration suite, release SHA, screenshot (no customer data)
- Educational — ALE, Irongate, tenant isolation in plain language
- Event — webinar/live demo announcements
Compliance rules
- No customer names or tenant UUIDs without written approval
- No screenshots with real PII or production secrets
- Label simulations: “Staging / shadow plane demo”
- Do not claim “SOC 2 certified” unless the org holds a current report; say “SOC 2 aligned controls” instead
Crisis / incident posting
- Only Communications + Security approve posts during active incidents
- No speculating on breach scope on social channels
Approval workflow
- Draft → Product/Eng fact-check
- Marketing edit → Legal if regulated claim
- Schedule via content calendar