{
  "version": 1,
  "generatedAt": "2026-05-28T03:59:27.705Z",
  "documentCount": 12,
  "keyHandling": "Documents are encrypted with AES-256-GCM. The unlock key is not included in this site and must be sent out-of-band to approved recipients.",
  "documents": [
    {
      "id": "data-breach-incident-response",
      "title": "Data Breach Incident Response Policy",
      "category": "Featured",
      "summary": "Incident classification, escalation, containment, notification, and post-incident review process.",
      "file": "/secure-docs/data-breach-incident-response.json"
    },
    {
      "id": "security-incident-response",
      "title": "Security Incident Response Policy",
      "category": "Featured",
      "summary": "Security incident preparation, triage, containment, investigation, recovery, and review process.",
      "file": "/secure-docs/security-incident-response.json"
    },
    {
      "id": "dpa",
      "title": "Data Processing Addendum",
      "category": "Featured",
      "summary": "Processing terms, subprocessors, confidentiality, deletion, and customer assistance commitments.",
      "file": "/secure-docs/dpa.json"
    },
    {
      "id": "web-penetration-test",
      "title": "Web Application Security Testing Report",
      "category": "Security",
      "summary": "Security testing results, remediation summary, and third-party report attachment slot.",
      "file": "/secure-docs/web-penetration-test.json"
    },
    {
      "id": "architecture-diagram",
      "title": "Infrastructure Architecture and Data Flow",
      "category": "Architecture",
      "summary": "System boundaries, customer data flows, storage services, and third-party integrations.",
      "file": "/secure-docs/architecture-diagram.json"
    },
    {
      "id": "access-control-policy",
      "title": "Access Control Policy",
      "category": "Policies",
      "summary": "Least privilege, administrative access, authentication, and access review requirements.",
      "file": "/secure-docs/access-control-policy.json"
    },
    {
      "id": "information-security-policy",
      "title": "Information Security Policy",
      "category": "Policies",
      "summary": "Security governance, risk ownership, control operation, and review cadence.",
      "file": "/secure-docs/information-security-policy.json"
    },
    {
      "id": "secure-development-policy",
      "title": "Secure Development Policy",
      "category": "Policies",
      "summary": "Code review, change control, dependency management, testing, and deployment safeguards.",
      "file": "/secure-docs/secure-development-policy.json"
    },
    {
      "id": "business-continuity",
      "title": "Business Continuity and Disaster Recovery Plan",
      "category": "Policies",
      "summary": "Availability planning, backup expectations, recovery roles, and restoration practices.",
      "file": "/secure-docs/business-continuity.json"
    },
    {
      "id": "third-party-management",
      "title": "Third-Party Management Policy",
      "category": "Policies",
      "summary": "Vendor security review, approval, monitoring, and subprocessor change management.",
      "file": "/secure-docs/third-party-management.json"
    },
    {
      "id": "risk-management",
      "title": "Risk Management Policy",
      "category": "Policies",
      "summary": "Risk identification, tracking, ownership, acceptance, and remediation process.",
      "file": "/secure-docs/risk-management.json"
    },
    {
      "id": "data-retention",
      "title": "Data Retention and Deletion Policy",
      "category": "Policies",
      "summary": "Retention periods, deletion workflows, backup handling, and customer data return or deletion.",
      "file": "/secure-docs/data-retention.json"
    }
  ]
}