Everything your risk team needs to verify.
Institutional buyers seat vendors on rigor, not claims. This is the single place to assess how Market Fortress handles your data, your obligations, and your liability, with each commitment linked to the page that proves it.
Four layers around the data
Row-level security on every table, AES-256-GCM for material non-public information at rest, isolated AI routing, and an append-only mutation log. Built around MNPI handling requirements rather than retrofitted to them.
Review the architectureEvery event, every consequence
A single material event raises every downstream obligation it triggers across the platform: deadlines, drafting tasks, and the notifications that route them to the right role. Nothing is left for an issuer to remember.
See material eventsThe platform is a tool. Counsel signs.
Market Fortress drafts, surfaces, and routes. It does not file. The signing attorney remains the responsible party on every submission, with a complete record of what was reviewed, when, and by whom.
How counsel oversight worksNo lock-in at the data layer
The complete dataset is extractable at any time in JSON and CSV. There are no soft deletes. Every record carries its own lineage, and the issuer owns it for the full retention period.
Data processing termsUptime built for filing deadlines
A 99.9% availability target during US market hours. Filing-deadline traffic is prioritized over non-critical workloads. Status and historical incidents publish at status.marketfortress.app.
View system statusPrivacy and compliance by construction
GDPR Article 17 erasure, CCPA and CPRA consumer rights, per-issuer key isolation, and a documented subprocessor list. Privacy controls are enforced server-side, not promised in a policy.
Read the privacy policyOne event raises every obligation it triggers.
The modules are not silos. When something happens inside an issuer, the platform resolves the full set of downstream consequences across every domain it touches, anchors each deadline to the statutory clock, and routes the work to the responsible role. The issuer is not asked to know which obligations a given event creates.
Periodic reporting
10-K, 10-Q, and 8-K clocks anchored to the underlying event and the issuer filer category, not to the date a user happened to enter the data.
Material events
The full set of Form 8-K disclosure items, each with its own four-business-day clock and the drafting task it requires.
Insider activity
Section 16 ownership reports, Rule 10b5-1 trading plans with cooling-off enforcement, and the single-plan rule check.
Beneficial ownership
Schedule 13D and 13G threshold monitoring with the filing schedule each crossing triggers, surfaced into the global calendar.
Restatement and recovery
Dodd-Frank Rule 10D-1 clawback analysis, excess-compensation recompute, and the ICFR and proxy disclosure obligations that follow.
Cybersecurity disclosure
Item 1.05 materiality determinations that start the four-business-day clock, with the DOJ delay pathway tracked alongside.
Capital and offerings
Registered and exempt offerings, Reg D state Blue Sky obligations, and the disclosure tasks each financing path raises.
Governance and exchange
Board, committee, and listing-standard events routed to the right persona with the proxy and exchange notices they require.
Deadlines anchor to the underlying event date and the issuer filer category, computed on business days where the rule requires it. Coverage breadth is data, reviewable and extendable, not a fixed set of hard-coded paths.
Control posture, mapped to the frameworks your auditors use.
This view is computed live from the platform control engine at page load, not maintained by hand. Each control maps to SOC 2, ISO 27001, NIST CSF 2.0, and the SEC cybersecurity disclosure rules. The signed attestation, with the underlying evidence for every control, is available to your risk team on request.
22 of 24 controls verified, 2 in progress
4 of 4 controls verified
5 of 5 controls verified
3 of 3 controls verified
12 of 14 verified
2 of 2 verified
2 of 2 verified
2 of 2 verified
4 of 4 verified
SOC 2
ISO 27001
NIST CSF 2.0
SEC Cybersecurity
Verified controls are continuously checked by the platform. Controls shown in progress are organizational measures being formalized on the documented review cadence. Evidence and the cryptographically signed attestation are released to risk teams under standard diligence.
For your security and procurement teams.
Security Whitepaper
Full architecture document covering encryption, AI isolation, key management, and audit infrastructure.
Attestation Letter
CEO-signed attestation summarizing security posture for auditors and procurement teams.
Security One-Pager
Quick-reference compliance summary suitable for vendor risk assessments.
Have a diligence question?
Our team answers every standard vendor risk assessment and can supply contractual language on liability and service levels on request.