diff --git a/SECURITY.md b/SECURITY.md
index fe8ace7..d2eec54 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -5,7 +5,7 @@ This document gives an overview to the applied security standards that are in us
 ### Global
 
 - The OS and software is updated every week (Thursdays, 22:00 - 23:59 CEST).
-- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see misc/softraid.pdf for the specification).
+- The storage on the server is fully encrypted, both in OpenStack and the VM itself (the latter one using `AES-XTS-256`, see `misc/softraid.pdf` for the specification).
 - The server _solely_ runs the Gitea stack (with Nginx and PostgreSQL), thus preventing additional attack surface.
 
 ### Web front-end
@@ -20,5 +20,6 @@ This document gives an overview to the applied security standards that are in us
 
 ### Etc
 
+- Official commits (eg, in the laylo/docs repository) are GPG signed, and MFA is enforced for accounts with write access).
 - Backups are made every 24 hours, using a 'pull mechanism'. This server does **NOT** have access to the backup repository.
 - SSH is hardened (PKI authentication, MFA via hardware tokens, highest level ciphersuites).