johan
/
dealspace
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dealspace/cmd/server/website/soc2.html

680 lines
38 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SOC 2 Compliance — Dealspace</title>
<meta name="description" content="SOC 2 Type II self-assessment documentation. Trust Services Criteria coverage for Security, Availability, Confidentiality, Processing Integrity, and Privacy.">
<!-- OpenGraph -->
<meta property="og:title" content="SOC 2 Compliance — Dealspace">
<meta property="og:description" content="SOC 2 Type II self-assessment documentation. Trust Services Criteria coverage for Security, Availability, Confidentiality, Processing Integrity, and Privacy.">
<meta property="og:url" content="https://muskepo.com/soc2">
<meta property="og:type" content="website">
<meta property="og:image" content="https://muskepo.com/og-image.png">
<!-- Twitter -->
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="SOC 2 Compliance — Dealspace">
<meta name="twitter:description" content="SOC 2 Type II self-assessment documentation. Trust Services Criteria coverage for Security, Availability, Confidentiality, Processing Integrity, and Privacy.">
<meta name="twitter:image" content="https://muskepo.com/og-image.png">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
<script src="https://cdn.tailwindcss.com"></script>
<script>
tailwind.config = {
theme: {
extend: {
colors: {
navy: '#0F1B35',
'navy-light': '#1a2847',
slate: '#2B4680',
gold: '#C9A84C',
'gold-light': '#d4b85f',
},
fontFamily: {
sans: ['Inter', 'system-ui', 'sans-serif'],
}
}
}
}
</script>
<style>
html { scroll-behavior: smooth; }
.gradient-text {
background: linear-gradient(135deg, #C9A84C 0%, #d4b85f 100%);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
}
</style>
</head>
<body class="bg-navy font-sans text-white antialiased">
<!-- Navigation -->
<nav class="fixed top-0 left-0 right-0 z-50 bg-navy/95 backdrop-blur-sm border-b border-white/10">
<div class="max-w-7xl mx-auto px-6 py-4">
<div class="flex items-center justify-between">
<a href="index.html" class="flex items-center space-x-2">
<span class="text-2xl font-bold text-white">Deal<span class="text-gold">space</span></span>
</a>
<div class="hidden md:flex items-center space-x-8">
<a href="features.html" class="text-gray-300 hover:text-white transition-colors">Features</a>
<a href="security.html" class="text-gray-300 hover:text-white transition-colors">Security</a>
<a href="pricing.html" class="text-gray-300 hover:text-white transition-colors">Pricing</a>
<a href="#" class="text-gray-300 hover:text-white transition-colors">Sign In</a>
<a href="index.html#demo" class="bg-gold hover:bg-gold-light text-navy font-semibold px-5 py-2.5 rounded-lg transition-colors">Request Demo</a>
</div>
<button class="md:hidden text-white" aria-label="Toggle mobile menu" onclick="document.getElementById('mobile-menu').classList.toggle('hidden')">
<svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16"/>
</svg>
</button>
</div>
<div id="mobile-menu" class="hidden md:hidden pt-4 pb-2 space-y-3">
<a href="features.html" class="block text-gray-300 hover:text-white">Features</a>
<a href="security.html" class="block text-gray-300 hover:text-white">Security</a>
<a href="pricing.html" class="block text-gray-300 hover:text-white">Pricing</a>
<a href="#" class="block text-gray-300 hover:text-white">Sign In</a>
<a href="index.html#demo" class="inline-block bg-gold text-navy font-semibold px-5 py-2.5 rounded-lg mt-2">Request Demo</a>
</div>
</div>
</nav>
<!-- Hero -->
<section class="pt-32 pb-16 px-6 border-b border-white/10">
<div class="max-w-4xl mx-auto text-center">
<div class="inline-block bg-yellow-500/20 text-yellow-400 text-sm font-medium px-4 py-2 rounded-full mb-6">
Self-Assessment · Type II Audit Planned Q4 2026
</div>
<h1 class="text-4xl md:text-5xl font-bold mb-6">
SOC 2 <span class="gradient-text">Compliance</span>
</h1>
<p class="text-xl text-gray-400 max-w-2xl mx-auto">
Dealspace has completed a comprehensive SOC 2 Type II self-assessment. We are preparing for formal audit certification in Q4 2026.
</p>
</div>
</section>
<!-- Disclaimer Banner -->
<section class="py-6 px-6 bg-yellow-500/10 border-b border-yellow-500/20">
<div class="max-w-4xl mx-auto text-center">
<p class="text-yellow-200">
<strong>Note:</strong> This is a self-assessment document. Formal SOC 2 Type II audit is planned for Q4 2026.
</p>
</div>
</section>
<!-- Overview -->
<section class="py-24 px-6">
<div class="max-w-7xl mx-auto">
<div class="grid lg:grid-cols-2 gap-16 items-center">
<div>
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Overview</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">What is SOC 2?</h2>
<p class="text-gray-400 text-lg mb-6 leading-relaxed">
SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates how organizations manage customer data based on five Trust Services Criteria.
</p>
<p class="text-gray-400 text-lg leading-relaxed">
For M&A platforms handling confidential deal data, SOC 2 compliance demonstrates a commitment to security, availability, and data protection that investment banks and advisors require.
</p>
</div>
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<h3 class="font-semibold text-white text-xl mb-6">Self-Assessment Summary</h3>
<div class="space-y-4">
<div class="flex justify-between items-center">
<span class="text-gray-300">Security (CC1-CC9)</span>
<div class="flex items-center">
<div class="w-32 h-2 bg-navy rounded-full mr-3">
<div class="w-[95%] h-full bg-green-500 rounded-full"></div>
</div>
<span class="text-green-400 font-medium">95%</span>
</div>
</div>
<div class="flex justify-between items-center">
<span class="text-gray-300">Availability (A1)</span>
<div class="flex items-center">
<div class="w-32 h-2 bg-navy rounded-full mr-3">
<div class="w-[95%] h-full bg-green-500 rounded-full"></div>
</div>
<span class="text-green-400 font-medium">95%</span>
</div>
</div>
<div class="flex justify-between items-center">
<span class="text-gray-300">Confidentiality (C1)</span>
<div class="flex items-center">
<div class="w-32 h-2 bg-navy rounded-full mr-3">
<div class="w-[98%] h-full bg-green-500 rounded-full"></div>
</div>
<span class="text-green-400 font-medium">98%</span>
</div>
</div>
<div class="flex justify-between items-center">
<span class="text-gray-300">Processing Integrity (PI1)</span>
<div class="flex items-center">
<div class="w-32 h-2 bg-navy rounded-full mr-3">
<div class="w-[95%] h-full bg-green-500 rounded-full"></div>
</div>
<span class="text-green-400 font-medium">95%</span>
</div>
</div>
<div class="flex justify-between items-center">
<span class="text-gray-300">Privacy (P1-P8)</span>
<div class="flex items-center">
<div class="w-32 h-2 bg-navy rounded-full mr-3">
<div class="w-[95%] h-full bg-green-500 rounded-full"></div>
</div>
<span class="text-green-400 font-medium">95%</span>
</div>
</div>
</div>
<div class="mt-6 pt-6 border-t border-white/10">
<p class="text-gray-400 text-sm">Assessment Date: February 28, 2026</p>
</div>
</div>
</div>
</div>
</section>
<!-- Scope -->
<section class="py-24 px-6 bg-navy-light">
<div class="max-w-7xl mx-auto">
<div class="text-center mb-16">
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Scope</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">What's Covered</h2>
<p class="text-xl text-gray-400 max-w-3xl mx-auto">
Our SOC 2 assessment covers all aspects of the Dealspace platform and infrastructure.
</p>
</div>
<div class="grid md:grid-cols-3 gap-8">
<div class="bg-navy border border-white/10 rounded-xl p-8">
<div class="w-14 h-14 bg-slate/30 rounded-lg flex items-center justify-center mb-6">
<svg class="w-7 h-7 text-gold" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 12h14M5 12a2 2 0 01-2-2V6a2 2 0 012-2h14a2 2 0 012 2v4a2 2 0 01-2 2M5 12a2 2 0 00-2 2v4a2 2 0 002 2h14a2 2 0 002-2v-4a2 2 0 00-2-2m-2-4h.01M17 16h.01"/>
</svg>
</div>
<h3 class="text-xl font-semibold mb-3">Infrastructure</h3>
<ul class="text-gray-400 space-y-2">
<li>• Production server (Zürich, Switzerland)</li>
<li>• Go application binary</li>
<li>• SQLite encrypted database</li>
<li>• Caddy reverse proxy</li>
</ul>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-8">
<div class="w-14 h-14 bg-slate/30 rounded-lg flex items-center justify-center mb-6">
<svg class="w-7 h-7 text-gold" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"/>
</svg>
</div>
<h3 class="text-xl font-semibold mb-3">Data Types</h3>
<ul class="text-gray-400 space-y-2">
<li>• M&A deal documents</li>
<li>• Financial data</li>
<li>• Transaction details</li>
<li>• Participant information</li>
</ul>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-8">
<div class="w-14 h-14 bg-slate/30 rounded-lg flex items-center justify-center mb-6">
<svg class="w-7 h-7 text-gold" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4.354a4 4 0 110 5.292M15 21H3v-1a6 6 0 0112 0v1zm0 0h6v-1a6 6 0 00-9-5.197M13 7a4 4 0 11-8 0 4 4 0 018 0z"/>
</svg>
</div>
<h3 class="text-xl font-semibold mb-3">User Types</h3>
<ul class="text-gray-400 space-y-2">
<li>• Investment bank admins/members</li>
<li>• Seller organizations</li>
<li>• Buyer organizations</li>
<li>• Observers</li>
</ul>
</div>
</div>
</div>
</section>
<!-- Trust Services Criteria -->
<section class="py-24 px-6">
<div class="max-w-7xl mx-auto">
<div class="text-center mb-16">
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Trust Services Criteria</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">The Five Pillars</h2>
<p class="text-xl text-gray-400 max-w-3xl mx-auto">
SOC 2 evaluates organizations against five Trust Services Criteria. Dealspace implements controls for all five.
</p>
</div>
<div class="space-y-8">
<!-- Security -->
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<div class="flex items-start">
<div class="w-14 h-14 bg-blue-500/20 rounded-lg flex items-center justify-center mr-6 flex-shrink-0">
<svg class="w-7 h-7 text-blue-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"/>
</svg>
</div>
<div class="flex-1">
<h3 class="text-xl font-semibold mb-3">Security (CC1-CC9)</h3>
<p class="text-gray-400 mb-4">Protection against unauthorized access, both physical and logical.</p>
<div class="grid md:grid-cols-2 gap-4">
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
FIPS 140-3 encryption (AES-256-GCM)
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Per-project key derivation (HKDF-SHA256)
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Role-based access control (RBAC)
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
MFA required for IB users
</div>
</div>
</div>
</div>
</div>
<!-- Availability -->
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<div class="flex items-start">
<div class="w-14 h-14 bg-green-500/20 rounded-lg flex items-center justify-center mr-6 flex-shrink-0">
<svg class="w-7 h-7 text-green-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 3v4M3 5h4M6 17v4m-2-2h4m5-16l2.286 6.857L21 12l-5.714 2.143L13 21l-2.286-6.857L5 12l5.714-2.143L13 3z"/>
</svg>
</div>
<div class="flex-1">
<h3 class="text-xl font-semibold mb-3">Availability (A1)</h3>
<p class="text-gray-400 mb-4">Systems are available for operation and use as committed.</p>
<div class="grid md:grid-cols-2 gap-4">
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
99.9% uptime SLA
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
4-hour recovery time objective
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Daily encrypted backups
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Swiss data center (Zürich)
</div>
</div>
</div>
</div>
</div>
<!-- Confidentiality -->
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<div class="flex items-start">
<div class="w-14 h-14 bg-purple-500/20 rounded-lg flex items-center justify-center mr-6 flex-shrink-0">
<svg class="w-7 h-7 text-purple-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"/>
</svg>
</div>
<div class="flex-1">
<h3 class="text-xl font-semibold mb-3">Confidentiality (C1)</h3>
<p class="text-gray-400 mb-4">Information designated as confidential is protected as committed.</p>
<div class="grid md:grid-cols-2 gap-4">
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
All deal data encrypted at rest
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Blind indexes for searchable encryption
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
TLS 1.3 for all connections
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Dynamic document watermarking
</div>
</div>
</div>
</div>
</div>
<!-- Processing Integrity -->
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<div class="flex items-start">
<div class="w-14 h-14 bg-orange-500/20 rounded-lg flex items-center justify-center mr-6 flex-shrink-0">
<svg class="w-7 h-7 text-orange-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"/>
</svg>
</div>
<div class="flex-1">
<h3 class="text-xl font-semibold mb-3">Processing Integrity (PI1)</h3>
<p class="text-gray-400 mb-4">System processing is complete, valid, accurate, timely, and authorized.</p>
<div class="grid md:grid-cols-2 gap-4">
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Input validation on all data
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Parameterized SQL queries
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Optimistic locking (ETag)
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
ACID transaction compliance
</div>
</div>
</div>
</div>
</div>
<!-- Privacy -->
<div class="bg-navy-light border border-white/10 rounded-xl p-8">
<div class="flex items-start">
<div class="w-14 h-14 bg-pink-500/20 rounded-lg flex items-center justify-center mr-6 flex-shrink-0">
<svg class="w-7 h-7 text-pink-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"/>
</svg>
</div>
<div class="flex-1">
<h3 class="text-xl font-semibold mb-3">Privacy (P1-P8)</h3>
<p class="text-gray-400 mb-4">Personal information is collected, used, retained, and disclosed in conformity with commitments.</p>
<div class="grid md:grid-cols-2 gap-4">
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
GDPR/FADP/CCPA compliant
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
Data export on request
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
No third-party tracking
</div>
<div class="flex items-center text-gray-300">
<svg class="w-5 h-5 text-green-400 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
No data sales
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- Controls Summary -->
<section class="py-24 px-6 bg-navy-light">
<div class="max-w-7xl mx-auto">
<div class="text-center mb-16">
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Controls Summary</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">Key Security Controls</h2>
</div>
<div class="grid md:grid-cols-2 lg:grid-cols-3 gap-6">
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Encryption</h3>
<p class="text-gray-400 text-sm">FIPS 140-3 validated AES-256-GCM with per-project keys derived via HKDF-SHA256</p>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Authentication</h3>
<p class="text-gray-400 text-sm">JWT tokens with 1-hour expiry, MFA required for IB users, session management</p>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Authorization</h3>
<p class="text-gray-400 text-sm">Role hierarchy (IB → Seller → Buyer → Observer), invitation-only access</p>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Infrastructure</h3>
<p class="text-gray-400 text-sm">Swiss data center, UFW firewall, SSH key-only, automatic security updates</p>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Audit Logging</h3>
<p class="text-gray-400 text-sm">All access logged with actor, timestamp, IP. 7-year retention for compliance</p>
</div>
<div class="bg-navy border border-white/10 rounded-xl p-6">
<h3 class="font-semibold text-white mb-2">Backup & Recovery</h3>
<p class="text-gray-400 text-sm">Daily encrypted backups, 4-hour RTO, 24-hour RPO, tested recovery procedures</p>
</div>
</div>
</div>
</section>
<!-- Policy Documents -->
<section class="py-24 px-6">
<div class="max-w-7xl mx-auto">
<div class="text-center mb-16">
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Documentation</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">Policy Documents</h2>
<p class="text-xl text-gray-400 max-w-3xl mx-auto">
Our SOC 2 program is supported by comprehensive policy documentation.
</p>
</div>
<div class="grid md:grid-cols-2 lg:grid-cols-3 gap-6">
<a href="/docs/soc2/soc2-self-assessment-2026.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Self-Assessment Report</h3>
</div>
<p class="text-gray-400 text-sm">Complete SOC 2 Type II self-assessment with control mappings</p>
</a>
<a href="/docs/soc2/security-policy.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Security Policy</h3>
</div>
<p class="text-gray-400 text-sm">Security requirements for systems, data, and operations</p>
</a>
<a href="/docs/soc2/incident-response-plan.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Incident Response Plan</h3>
</div>
<p class="text-gray-400 text-sm">Procedures for detecting and responding to security incidents</p>
</a>
<a href="/docs/soc2/disaster-recovery-plan.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Disaster Recovery Plan</h3>
</div>
<p class="text-gray-400 text-sm">Recovery procedures following disasters affecting systems</p>
</a>
<a href="/docs/soc2/data-retention-policy.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Data Retention Policy</h3>
</div>
<p class="text-gray-400 text-sm">Data retention periods and deletion procedures</p>
</a>
<a href="/docs/soc2/risk-assessment.md" class="bg-navy-light border border-white/10 rounded-xl p-6 hover:border-gold/50 transition-colors group">
<div class="flex items-center mb-4">
<svg class="w-8 h-8 text-gold mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 19v-6a2 2 0 00-2-2H5a2 2 0 00-2 2v6a2 2 0 002 2h2a2 2 0 002-2zm0 0V9a2 2 0 012-2h2a2 2 0 012 2v10m-6 0a2 2 0 002 2h2a2 2 0 002-2m0 0V5a2 2 0 012-2h2a2 2 0 012 2v14a2 2 0 01-2 2h-2a2 2 0 01-2-2z"/>
</svg>
<h3 class="font-semibold text-white group-hover:text-gold transition-colors">Risk Assessment</h3>
</div>
<p class="text-gray-400 text-sm">Identified risks and mitigation controls</p>
</a>
</div>
</div>
</section>
<!-- Status -->
<section class="py-24 px-6 bg-navy-light">
<div class="max-w-4xl mx-auto text-center">
<div class="inline-block bg-gold/20 text-gold text-sm font-medium px-3 py-1 rounded-full mb-6">Status</div>
<h2 class="text-3xl md:text-4xl font-bold mb-6">Audit Timeline</h2>
<div class="bg-navy border border-white/10 rounded-xl p-8 text-left">
<div class="space-y-6">
<div class="flex items-start">
<div class="w-8 h-8 bg-green-500/20 rounded-full flex items-center justify-center mr-4 mt-1 flex-shrink-0">
<svg class="w-4 h-4 text-green-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
</div>
<div>
<h4 class="font-semibold text-white">February 2026 — Self-Assessment Complete</h4>
<p class="text-gray-400">Comprehensive self-assessment against all five Trust Services Criteria completed. Policy documentation created.</p>
</div>
</div>
<div class="flex items-start">
<div class="w-8 h-8 bg-blue-500/20 rounded-full flex items-center justify-center mr-4 mt-1 flex-shrink-0">
<svg class="w-4 h-4 text-blue-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 8v4l3 3m6-3a9 9 0 11-18 0 9 9 0 0118 0z"/>
</svg>
</div>
<div>
<h4 class="font-semibold text-white">Q2 2026 — Gap Remediation</h4>
<p class="text-gray-400">Address recommended action items including backup restore testing and external penetration test.</p>
</div>
</div>
<div class="flex items-start">
<div class="w-8 h-8 bg-yellow-500/20 rounded-full flex items-center justify-center mr-4 mt-1 flex-shrink-0">
<svg class="w-4 h-4 text-yellow-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"/>
</svg>
</div>
<div>
<h4 class="font-semibold text-white">Q4 2026 — Formal SOC 2 Type II Audit</h4>
<p class="text-gray-400">Engage third-party auditor for formal SOC 2 Type II certification.</p>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- CTA -->
<section class="py-24 px-6 border-t border-white/10">
<div class="max-w-4xl mx-auto text-center">
<h2 class="text-3xl md:text-4xl font-bold mb-6">Questions About Compliance?</h2>
<p class="text-xl text-gray-400 mb-8">
Contact our security team for detailed documentation or to discuss your compliance requirements.
</p>
<div class="flex flex-col sm:flex-row gap-4 justify-center">
<a href="mailto:security@muskepo.com" class="bg-gold hover:bg-gold-light text-navy font-semibold px-8 py-4 rounded-lg transition-colors">
Contact Security Team
</a>
<a href="security.html" class="border border-white/20 hover:border-white/40 text-white font-semibold px-8 py-4 rounded-lg transition-colors">
View Security Page
</a>
</div>
</div>
</section>
<!-- Footer -->
<footer class="border-t border-white/10 py-12 px-6">
<div class="max-w-7xl mx-auto">
<div class="grid md:grid-cols-4 gap-8 mb-12">
<div>
<span class="text-2xl font-bold text-white">Deal<span class="text-gold">space</span></span>
<p class="text-gray-400 mt-4">The M&A workflow platform that Investment Banks trust.</p>
</div>
<div>
<h4 class="font-semibold mb-4">Product</h4>
<ul class="space-y-2 text-gray-400">
<li><a href="features.html" class="hover:text-white transition-colors">Features</a></li>
<li><a href="security.html" class="hover:text-white transition-colors">Security</a></li>
<li><a href="pricing.html" class="hover:text-white transition-colors">Pricing</a></li>
</ul>
</div>
<div>
<h4 class="font-semibold mb-4">Legal</h4>
<ul class="space-y-2 text-gray-400">
<li><a href="privacy.html" class="hover:text-white transition-colors">Privacy Policy</a></li>
<li><a href="terms.html" class="hover:text-white transition-colors">Terms of Service</a></li>
<li><a href="dpa.html" class="hover:text-white transition-colors">DPA</a></li>
<li><a href="soc2.html" class="hover:text-white transition-colors">SOC 2</a></li>
</ul>
</div>
<div>
<h4 class="font-semibold mb-4">Contact</h4>
<ul class="space-y-2 text-gray-400">
<li><a href="mailto:sales@muskepo.com" class="hover:text-white transition-colors">sales@muskepo.com</a></li>
<li><a href="mailto:security@muskepo.com" class="hover:text-white transition-colors">security@muskepo.com</a></li>
</ul>
</div>
</div>
<div class="border-t border-white/10 pt-8 flex flex-col md:flex-row justify-between items-center">
<p class="text-gray-500 text-sm">© 2026 Muskepo B.V. All rights reserved.</p>
<p class="text-gray-500 text-sm mt-4 md:mt-0">Amsterdam · New York · London</p>
</div>
</div>
</footer>
<link rel="stylesheet" href="/chat.css">
<script src="/chat.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink