Enterprise buyers need a simple answer to three questions: what is in place now, what can be reviewed during diligence, and what is still maturing. This section is intended to provide that answer without overstating Epitome's current assurance posture.
Available now
- CSA STAR Level 1
- Processor-oriented privacy and data-handling material
- Information-security and incident-response summaries
- Responsible AI governance material
- Security controls covering encryption, role-based access control, administrative MFA, logging, backup, and recovery targets as described in current internal documentation
Available on request
- Security overview pack
- Responsible AI whitepaper or governance summary
- Incident-response summary
- Architecture notes and high-level diagrams
- Penetration-testing or assurance summaries
- Transfer impact assessment support
- Model inventory summaries or deeper model documentation under NDA where appropriate
In progress
- ISO 27001 certification
- SOC 2 Type II
- Continued expansion of fairness analytics and higher-maturity model-governance practices
EU AI Act readiness
| Topic | Epitome position | Customer responsibility | Status |
|---|---|---|---|
| Prohibited-practice exclusion | Epitome excludes biometric emotion recognition, social scoring, biometric categorisation for sensitive traits, and manipulative employment uses from its intended platform posture | Confirm that local deployment and adjacent workflows do not introduce prohibited practices | Available now |
| High-risk feature identification | Epitome can identify features that may become high-risk depending on employment use case and material influence on decisions | Assess whether the actual use in recruitment, promotion, task allocation, monitoring, or termination makes the deployment high-risk | Available now |
| Intended-purpose documentation | Epitome can document intended purpose, supported use case, and known limitations for AI-enabled features | Use features within documented boundaries and review any scope expansion before deployment | Available on request |
| Human oversight | Epitome is designed as a decision-support platform with override and review expectations | Ensure appropriate human review, approval, and escalation in the customer's operational process | Available now |
| Logging and traceability | Epitome maintains audit-oriented logging and traceability controls in current platform documentation | Retain and govern decision records in accordance with local legal and HR requirements | Available now |
| Bias and fundamental-rights review | Epitome supports fairness monitoring and can support deeper review where relevant data is available | Determine lawful basis for demographic data use and conduct employer-side rights and impact assessments where required | Supported with configuration |
| Technical documentation and audit support | Epitome can provide governance summaries, model documentation, and audit support material during diligence | Review and use this material in the customer's own compliance and deployment assessment | Available on request |
| AI literacy and operational training | Epitome is incorporating AI-literacy expectations into internal governance and customer enablement materials | Ensure staff using AI-supported employment tools are appropriately trained and supervised | In progress |
Compliance support for customers
Epitome's current material positions the platform as supporting customer compliance efforts in areas such as GDPR, PDPA, GDPR Article 22-related human intervention requirements, adverse-impact analysis, and emerging AI-governance expectations (Available now). These support capabilities should be described carefully.
Epitome does not claim to make a client compliant by itself. Instead, it provides documentation, controls, data exports, retention support, and workflow features that can help clients meet their own obligations (Available now).
Where specific local regulations require tailored notices, audits, or deployment choices, Epitome's support is generally Supported with configuration or Available on request rather than universally automatic.