Trust Centre Overview
Epitome builds workforce optimisation software for organisations that need clearer visibility into skills, capability, role fit, development priorities, and workforce planning. Our trust approach is based on a simple principle: if our platform is used in decisions that affect people's work, growth, and opportunity, it must be secure, explainable, and accountable.
We organise our trust posture around four pillars:
Security
Layered controls across infrastructure, access, application design, and operations. Including encrypted data handling, least-privilege access, administrative logging, and secure development practices.
Privacy
Privacy-by-default handling of workforce and candidate data. Minimised collection, documented processor instructions, and support for retention, deletion, and data-subject-rights workflows.
Responsible AI
AI supports human judgement, not replaces it. Explainable outputs, documented data boundaries, human-in-the-loop workflows, and fairness monitoring.
Compliance
Clarity on what is in place today, what is available for review, and what is still maturing. Enterprise buyers need more than general assurances.
Security Overview
Epitome is designed as a cloud-first platform built around Amazon Web Services. Current documentation describes a hosted architecture using services such as S3, CloudFront, ECS, Lambda, Aurora, and AWS-managed key services. Available now Where clients require specific hosting or deployment patterns, Epitome can support region-specific deployments and, in some cases, client-managed private cloud models. Supported with configuration
Architecture & Data Isolation
This section requires authentication
Sign in with a manager or admin account to view detailed technical documentation.
Sign InPrivacy & Data Handling
Epitome operates primarily as a processor acting on documented instructions of the client as controller. The client determines the lawful basis and business purpose for workforce data use. Available now Role allocation may vary by deployment model. Supported with configuration
Responsible AI
AI-supported use cases include skills inference, competency mapping, gap analysis, candidate ranking, career pathing, and workforce analytics. AI supports clearer, more consistent, and more explainable decision support — it does not replace human judgement. Available now
Compliance & Assurance Status
Available Now
- CSA STAR Level 1
- Processor-oriented privacy material
- Security & incident-response summaries
- Responsible AI governance material
- Encryption, RBAC, admin MFA, logging
Available on Request
- Security overview pack
- Responsible AI whitepaper
- Incident-response summary
- Architecture notes & diagrams
- Penetration-testing summaries
- Model inventory summaries (under NDA)
In Progress
- ISO 27001 certification
- SOC 2 Type II
- Advanced fairness analytics
- Higher-maturity model governance
Subprocessors & International Transfers
This section requires authentication
Sign in with a manager or admin account to view detailed technical documentation.
Sign InSecurity Contact & Reporting
Security & Infrastructure
security@epitome.globalFor security questions, incident reports, vulnerability disclosures, and diligence material requests.
AI Governance
kevin.chan@epitome.globalFor AI governance questions, responsible AI documentation, and model governance enquiries.
Diligence Materials
This section requires authentication
Sign in with a manager or admin account to view detailed technical documentation.
Sign InThis trust centre is intended to help buyers answer the first set of diligence questions quickly.
For a deeper review, contact security@epitome.global.