Add some compliance docs #19

Open
wants to merge 1 commit into
base: main
31 changes: 31 additions & 0 deletions pages/guides/adapting-policies.mdx
@@ -0,0 +1,31 @@
# Adapting policies to your organization

Implementing security policies that align with your organization's specific needs is crucial for effective compliance. Our platform offers two types of policy templates to assist you in this process:

- **Formal (Minimum Viable Policies)**: These templates cover essential security guidelines.
- **Comprehensive**: These are more detailed policies that include stricter requirements, ideal for organizations aiming to adopt comprehensive frameworks like ISO 27001 in the future.

## Adapting Policies

When customizing the templates, focus on adjusting the language to reflect your organization's practices without altering the core intent of the policies. We recommend retaining most of the guidelines but adapting the wording to fit your organizational setup.

**Example:**

- Original Policy Statement:

> 1. Keys and key cards are provided to a subset of employees and are granted on a needs-oriented basis.

- Adapted Policy Statement (if using pin codes instead of keys):

> 1. Access pin codes are provided to a subset of employees and are granted on a needs-oriented basis.


This ensures the policy remains relevant and accurately represents your security measures.

For certifications like **SOC 2 Type II**, it's essential to demonstrate that your organization follows its stated policies and procedures. Our platform's controls are designed to guide you in providing the necessary evidence.

## Need Assistance?

If you have questions about specific guidelines in the policies or need help applying anything to your organization, please don't hesitate to reach out. We're here to help ensure that your security program is both effective and tailored to your company's unique needs.

**Remember:** The goal is to maintain best security practices while making policies practical and applicable to your organization's environment.
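Review bot: The SOC 2 Type II paragraph after the pin-code example is not tied back to the adaptation advice, although it is the reason the wording matters. If the organization must "demonstrate that your organization follows its stated policies and procedures", then the adapted statement is what evidence will be checked against. Suggest saying so explicitly in the "Adapting Policies" section: adapt the wording only to describe what is actually practiced, and keep the qualifier ("granted on a needs-oriented basis") intact, as the example does. Smaller points: the H2 "Adapting Policies" repeats the H1 and uses title case where the H1 uses sentence case (same for "Need Assistance?"); the intro names two template types, "Formal (Minimum Viable Policies)" and "Comprehensive", but gives no guidance on which one a reader pursuing SOC 2 Type II should start from; and the closing "**Remember:**" line restates the first sentence of the "Adapting Policies" section and could be dropped.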
254 changes: 254 additions & 0 deletions pages/guides/marketing-your-security.mdx
@@ -0,0 +1,254 @@
import {Tabs} from 'nextra/components'

# Marketing your security

We get it — working on compliance might not be the most exciting part of running a business. But here’s the thing: your hard work on compliance is not just about ticking boxes, especially here at Oneleet. We’re actively helping you up level your security and we want to encourage you to leverage these efforts as much as possible to unlock even more customers.

This resource is packed with actionable ideas to turn your compliance and security journey into a marketing advantage — whether you’re just starting, making progress, or celebrating your new certification.

## Stage 1: You've just begun to work on your compliance program
*Key messaging: We’re starting this journey to protect your data and business better.*

### Publish your trust page
- **What to do:** Once onboarded to the Oneleet platform, set up and publish your customizable Trust Page. Start with the essentials, like your commitment to compliance and data security. As you progress, you can easily update the page with certifications, policies, and other details that showcase your security journey.
- **How to implement:** Include this achievement to your newsletter, share the page on LinkedIn and other socials.

**Post Examples**

> "We're excited to share our new Trust Page! This is where you'll find all the latest updates on how we protect your data and ensure compliance. Check it out [link to Trust Page]!"

> "We're taking the first steps in our compliance journey with the goal of keeping your data safer than ever. Check out our Trust Page to learn more [link to Trust Page]!"

> "Transparency is key to trust! Explore our new Trust Page to see the measures we’re taking to protect your data and uphold the highest compliance standards. [link to Trust Page]"

> "Your security is our priority. Visit our Trust Page to learn how we’re building a safer, more compliant future for your data. [link to Trust Page]"

### Website improvements: FAQ updates

Update your FAQ section to show your commitment to security and transparency by addressing key customer concerns about data protection.

- **With questions such as:**
- “What is [Your Company] doing about security?”
- "What steps is [Your Company] taking to protect my data?"
- “How does [Your Company] prioritize security?"
- "Is [Your Company] compliant with security standards?"
- **Answer examples:**
- “We’re working with Oneleet to align with industry standards like [Frameworks you’re working on e.g. SOC 2, ISO 27001, and GDPR] to keep your data secure and build trust.”
- “We're actively working with Oneleet to build a robust compliance program. Our goal is to ensure your data is always protected.”
- “We’re partnering with Oneleet to implement a comprehensive compliance program. This ensures your data is secure and handled with the utmost care.”
- “With the help of Oneleet, we’re developing a robust security framework to maintain the safety and integrity of your data.”
- **Where to put it:** Place this in the FAQ section, optionally include it in a "Security & Privacy" section for easy visibility as well.

### Add the compliance badge:
Showcase your commitment to compliance by adding the Compliance Badge to your website. This badge highlights your progress on the compliance journey, giving your users confidence in your dedication to security and data protection.

- **Where to put it:** Place the badge in the footer of your website, Trust Page or on a dedicated security page.
- **How to add it:**

Embed our dynamic badges directly on your website by:

1. Heading to the **Frameworks** page
2. Click the '**Compliance** **Badges**' button
3. Choose from the available badges, and toggle between light and dark mode
4. Embed the badge on your own site using `<img>` tags

Our badges auto-update to display your compliance status ("In Progress" or "Compliant") and support all frameworks we offer: SOC2 Type 1 & 2, CIS IG1, HIPAA, ISO 27001, PCI DSS, and GDPR.

![](/marketing/badge.gif)

**Pitch deck updates**

If you’re in the fundraising and would like to add a slide in your pitchdeck outlining your security program, reach out to the Oneleet team and **we’ll create a tailored slide** for you.

## Stage 2: You’re in the process of completing your program
Key messaging: We’re actively building out our security foundation.

### **Showcase progress on your Trust Page**

- **Example phrasing for posts:**

> "We’ve completed key milestones in our compliance journey, including implementing [specific measures]."

> "We’re proud to share progress in our compliance journey, including achieving [specific milestone] and enhancing our security practices."

> "Transparency matters. We’ve updated our Trust Page with the latest milestones, such as [specific measures], to keep you informed."

> "We’ve reached new heights in safeguarding your data by implementing [specific measures]. Explore more on our Trust Page."

> "Our compliance journey continues! Check out the Trust Page for updates on key achievements like [specific measures]."

> "Keeping your data safe is our top priority. Learn more about our recent milestones, including [specific measures], on our Trust Page."

### **Announce your milestones on your compliance journey, such as completing a pentest**

- **What to do:** Announce the successful completion of your penetration test.
- **Add document to your Trust Page:**

Enhance transparency by uploading key documents, like your penetration test report, to the document section of your Trust Page.

1. Add the documents you’d like to add to your Evidence library
2. Go to your Trust center on the Oneleet platform
3. Scroll down and select `+ Add documents`
4. Add the document you’d like to add in the Evidence section and select who will be able to download the document (`public` or `request only`)
5. Done! (if you’d like to change the title of the document, change the document name in your Evidence library)

- **Social media post example:**

> "We’ve just completed a thorough penetration test to ensure your data stays safe. Thanks to Oneleet for helping us strengthen our defenses!"

> "We take your data security seriously. That’s why we’ve partnered with Oneleet to conduct a comprehensive penetration test, ensuring our systems are stronger than ever."

> "Your trust means everything to us. We’ve completed a rigorous penetration test with the help of Oneleet to reinforce our commitment to keeping your data secure."

> "Our defenses just got an upgrade! We’ve wrapped up a penetration test with Oneleet, identifying and fixing potential vulnerabilities to better protect your data."

> "We’re leveling up our security! Thanks to Oneleet’s in-depth penetration test, we’ve fortified our systems to keep your data safe and sound."

## Stage 3: You’ve completed your certification
Key messaging: We’re certified!

### **Official announcement:**

In this official announcement, you can choose many routes to promote your achievement. Wether you want to post on your socials, include it in your newsletter, email your users, or post a blog/article about it. Here we have a few examples on how to promote your milestone.

### **Social media post:** Let your audience know you’re compliant, post on socials such as LinkedIn, X, Instagram and Facebook.

While it’s completely optional, we’d love it if you could give a nod to Oneleet when sharing your announcement. This helps us amplify your achievements and show how we support our clients.

Once you post, let us know! We’d be happy to repost it through our channels for additional reach and visibility, celebrating your commitment to security and compliance with our network.

**Caption examples:**

- "Security is our top priority, and we’re excited to announce we’ve earned [Certification Name]! This achievement reflects our dedication to protecting your trust."
- "We’re thrilled to announce that [Your Company] is now SOC 2 compliant! This marks a major milestone in our commitment to protecting your data."
- "It’s official! [Your Company] has achieved [Certification Name], marking a key milestone in our journey to keep your data safe. Thank you to Oneleet for helping us get here!"

**We have templates available for this!**

![soc2.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/2a6f783a-cf94-412b-b4ad-dcb6fa043be7/02ca995d-f9c6-415e-ba42-f4ce674d0d23/soc2.png)

![soc2-1.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/2a6f783a-cf94-412b-b4ad-dcb6fa043be7/f0a9fe77-284e-46ba-bfdc-f7b1be446595/soc2-1.png)

### Email your users with the news!

Let your users know about your certification milestone with a concise and engaging email. Include a link to your blog post (if you wrote one) or Trust Page for more details. Make it personal by thanking your customers for their support and emphasizing how this achievement benefits them. You can also include the visuals you would use on your socials to promote this, giving it a nice touch of not having just text in the email.

- **Email subject line examples**
- "Big News: [Your Company] Is Officially Certified!"
- **"We’ve Achieved a Big Milestone in Security and Compliance!"**
- **"Exciting News: [Your Company] Has Earned [Certification Name]"**
- **"Your Data Is Safer Than Ever: We’re Certified!"**
- **Email body example templates:**
- Hi [Customer Name],

We’re thrilled to share some exciting news—[Your Company] is now [Framework] certified! This certification reflects our commitment to protecting your data and meeting the highest standards of security and compliance.

Thank you for trusting us on this journey. We’re more dedicated than ever to keeping your information secure.

Want to learn more about what this means for you? Check out our blog post [link to blog] or visit our Trust Page [link to Trust Page].

Best regards,
[Your Name]
[Your Company]

- Hi [Customer Name],

We’re proud to announce a major milestone for [Your Company]: achieving [Framework] certification! This accomplishment is a testament to our dedication to safeguarding your data and ensuring compliance with industry standards.

We couldn’t have done it without the trust and support of customers like you.

Check out more details on our website here: [link to blog or Trust Page].

Thank you for being part of this journey!

Warm regards,
[Your Name]
[Your Company]

- Hi [Customer Name],

Big news: [Your Company] has officially achieved [Framework] certification! This is more than just a milestone—it’s our way of showing that your security and trust are always our top priorities.

This certification means that we’ve implemented the highest standards to protect your data and maintain compliance.

Learn more about how this benefits you and what’s next for [Your Company] in our [blog post or trust page] here: [link].

Thank you for being part of our journey!

Best regards,
[Your Name]
[Your Company]


### **Write an article/blog post**

Share the news of your certification in a detailed blog post. Use the article to explain what the certification means for your customers, how you achieved it, and your ongoing commitment to security. Publish it on your company website and promote it through your newsletter and social media channels.

- **Title ideas**
- *"Certified and Secure: What This Means for You."*
- "We’re Now SOC 2 Compliant: What This Means for You"
- "Securing Your Trust: Our Latest Certification Milestone"
- "We’re Certified! What It Means for You and Your Data"
- "Achieving Excellence in Security and Compliance"
- "Protecting Your Data: A New Certification, A Stronger Commitment"
- "Raising the Standard: [Your Company] Achieves Industry Certification"
- "How We’re Keeping Your Data Safe"
- "Milestone Achieved: [Your Company] Is Now Certified"
- "Trust Earned: Our Compliance Journey and What’s Next"
- "Setting the Bar High: Celebrating Our Compliance Success"
- "A Big Step Forward: [Your Company] Secures [Certification Name]"

- **Outline example**
1. **Introduction:**

Start by announcing the certification and why it’s an important milestone for your company. Highlight your commitment to security and compliance.

2. **What the Certification Means:**

Explain the certification in simple terms—what it entails and why it matters. Share how it demonstrates your company’s adherence to industry standards and dedication to data protection.

3. **What It Means for Customers:**

Outline the direct benefits for your customers, such as improved data security, trustworthiness, and reduced risk. Use this section to reassure them that their data is in safe hands.

4. **How You Achieved It:**

Briefly describe the process and efforts involved, emphasizing transparency and hard work. Mention any partners (like Oneleet) that helped along the way.

5. **What’s Next:**

Conclude by stating that the certification is just the beginning and that your company is committed to continuous improvement in security and compliance. Highlight upcoming goals or ongoing initiatives.

6. **Call to Action:**

Encourage customers to reach out with any questions or learn more on your Trust Page. You might also invite them to share the news on social media or subscribe for future updates.


**Place your Compliance badge!**

If you haven’t already placed your compliance badge, now would be a great time to do so! You can also include the badge in your email signature, marketing collateral, and sales decks, as you’d like.

**→ If you’d be interested in writing or recording a testimonial, please reach out to the Oneleet team and we’ll collaborate on creating effective, high-quality marketing material for you and us!**


## And beyond…

Key messaging: Yes, we’ve achieved certification, but our commitment to security doesn’t stop there.

### **Marketing Opportunities:**

- **Evolve Your Security Program**

Partner with Oneleet to take your security program to the next level. Whether it’s implementing new controls, addressing emerging risks, or preparing for additional certifications, we can provide the expertise you need. Together, we can also craft messaging to showcase these ongoing efforts to your stakeholders.

- **Turn Challenges into Opportunities**

If a security researcher reports a vulnerability, don’t panic — Oneleet can guide you through managing public disclosures. By responding transparently and swiftly, you can transform a potentially negative incident into a demonstration of your proactive approach to security, boosting public confidence and even earning positive press.

- **Showcase Your Growth**

Keep your audience informed about your ongoing commitment to security with regular updates on your Trust Page or through social media.

- **Future Certifications and Beyond**

Leverage your existing compliance foundation to pursue additional certifications or align with new frameworks, expanding your credibility in the market. Oneleet is here to help guide the process and communicate these achievements effectively.
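Review bot: In the Stage 2 steps under "Add document to your Trust Page", the guide suggests uploading the penetration test report and then offers `public` or `request only` as equal choices for who can download it. A full pentest report normally contains finding details, so the guide should recommend `request only` for that document, or recommend publishing a summary or attestation letter instead, and reserve `public` for documents meant for open distribution. Other points in this file: `import {Tabs} from 'nextra/components'` is unused in the visible content and can be removed; the two template images (`soc2.png`, `soc2-1.png`) are hotlinked from an external S3 bucket URL while the badge uses the site-relative `/marketing/badge.gif`, so commit them alongside the badge to avoid broken or expiring links; the sub-items under "With questions such as:", "Answer examples:", "Email subject line examples", "Email body example templates:" and "Title ideas" are not indented and will render as flat sibling bullets rather than nested lists; the "### **Social media post:**" heading carries a full sentence that belongs in the body; "Key messaging" is italic in Stage 1 but plain in Stages 2 and 3 and "And beyond…"; and there are typos to fix ("Wether", "up level", "in the fundraising", "pitchdeck", "Include this achievement to your newsletter"). The Stage 3 copy also uses "certified" for every framework next to "SOC 2 compliant"; SOC 2 results in an auditor's attestation report rather than a certificate, so consider a one-line note telling readers to match the wording to the framework.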