Title: New Compliance Documentation Now Available
‍
​Tag: Compliance
​
​Body: We here at [Company] have just completed our latest audit for [ISO / SOC 2] [certification / compliance]! Documentation is now available in our Trust Center at https://trust[.]yourcompany[.]com

​

Title: New SOC 2 Report Now Available
​
​Tag: Compliance
​
​Body: Our SOC 2 Type 2 report for the period of [date] to [date] is now available through our Trust Center.
​
Completion of the SOC 2 Type 2 audit demonstrates [Company]’s continued commitment to the security of our [Product name] product and that of our overall security posture.
​

Title: New ISO Certification
​
​Tag: Compliance
​
​Body: [Company] has recently achieved certification in ISO 27001, with our most recent certificate available for review in our Trust Center. ISO 27001 demonstrates our commitment to meet and exceed international information security standards.
​
More information is available here: [link to a public blog post and/or news article about the specific ISO certification, what it means, etc.]
​

Title: Privacy Compliance Update - [Specific privacy law/reg here]
​
​Tag: Compliance
​
​Body: [Company] has conducted a full review of [the specific privacy law or regulation you’re choosing to highlight] and ensured that we are fully compliant.
​
Full details regarding how [Company] handles customer data are always available through our Privacy Policy at https://www[.]yourcompany[.]com/privacy
​

Title: SOC 2 Audit In Progress
‍
​Tag: Compliance
‍
​Body: [Company] has just begun our annual SOC 2 Type 2 audit process. SOC 2 Type 2 compliance is an important part of how we attest to our security program’s strength here at [Company].
‍
As we work with [the independent auditing firm] to articulate the various aspects of our security posture, we are happy to provide a bridge letter for any customers conducting vendor reviews during this time.

Title: Vulnerability Advisory - [Company] [Product name]
‍
​Tag: Vulnerabilities
‍
​Body: [Company] recently discovered, through disclosure, that vulnerabilities exist within the [Product name] product. These vulnerabilities were brought to light through [background on how these were disclosed: bug bounty, hacking competitions, security research, etc.]. Links to additional information are below:
​
https://www[.]vulnerabilityinfo[.]com/yourinfohere
​
Action has already been taken by [Company] to remediate and patch these vulnerabilities. The purpose of this advisory is to keep our customers informed and aware of changes to our product, most importantly updates to the security of [Product name]. Additional testing has shown that these vulnerabilities no longer exist.
​
[Company] appreciates the efforts of those that helped with this responsible disclosure.

Title: [Company] Not Impacted by [Incident name]
​
​Tag: Incidents
​
​Body: On [exact date Company learned of incident], [Company] became aware of the [Incident name] security incident. Reputable threat intelligence sources have reported that this incident impacts [threat surface details here - link to relevant CVE, if available].
​
​We want our customers to know that [Company] is not impacted by this vulnerability.
​
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
​

Title: [Company] Update - [Incident name]
‍
​Tag: Incidents
‍
​Body: On [exact date Company learned of incident], [Company] became aware of the [Incident name] security incident. Reputable threat intelligence sources have reported that this incident impacts [threat surface details here - link to relevant CVE, if available].
‍
[Company] maintains a number of security measures to monitor, investigate, and immediately respond to any and all incidents which may occur. Such measures allow us to control the impact and triage effectively. In the case of [Incident name], [in bold font - details regarding potential impact of incident against company data].
‍
We will be sharing more updates as soon as they are available and as remediation efforts are ongoing.
‍
[The last paragraph and/or statement should be language regarding next steps to be taken - perhaps when to expect the next update]

Title: [New Subprocessor name] - Subprocessor Added
‍
‍Tag: Subprocessors
‍
‍Body: As we work to continuously improve our product line and streamline our infrastructure, [Company] will now be engaging with [New Subprocessor name] to [describe service delivered here].
​
This serves as notice that [New Subprocessor name] is now a subprocessor of [Company].
‍
‍Name: [New Subprocessor name]
‍Location: [country of service provided]
‍Website: subprocessorName[.]com
‍Purpose: [brief description of service to be delivered by new subprocessor]
‍DPA Signed: [Yes / No]
‍Third-Party Risk Evaluation Completed: [Yes / No]
​
This new subprocessor will be live as of [date of future service]. Please contact us with any questions or concerns.

Title: [Existing Subprocessor name] - Subprocessor Removed
​
​Tag: Subprocessors
​
​Body: In an effort to remain transparent with business partners and customers, [Company] is relaying this subprocessor removal notice to declare in our subprocessor list. We no longer rely on the services of [existing Subprocessor name] as of [past date of removal, if applicable].
​
This serves as notice that [existing Subprocessor name] is no longer within our subprocessor list.
​
To see the full list of our subprocessors, please visit the Legal card within our Trust Center (link).

Title: Welcome to the [your company name] Security Trust Center
​
​Tag: General
​
​Body: As an organization that is security conscious and values security, we are excited to announce the official launch of the [your company name] Security Trust Center. By using this portal, you can request access to our compliance documents, review our standardized questionnaires such as the SIG and gain a general understanding of our security posture.
​
Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications for when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.

-The <YOUR COMPANY NAME> Security Team