How Axiom Protects Your Organisation
Governed Answers
Axiom operates on a closed-world assumption: it only answers from your verified knowledge base. If it has no source for a claim, it says so. No hallucination, no invention. Every answer cites its source.
Access by Role
Content is tier-tagged at ingestion and filtered at retrieval. Board-level material never reaches staff. Contractor-accessible content is separate from executive content. Access is enforced at the system layer, not by policy alone.
Full Audit Trail
Every query, every access decision and every action is logged in a structured audit record. Who asked, what was returned, which documents were accessed and at what clearance level. Available on request for compliance or investigation.
Human in the Loop
Axiom does not make governance decisions autonomously. Every exception to access policy, every change to the knowledge base and every update to the governance framework requires human approval. Prosperity Path surfaces these decisions to you. You make them. The system executes what you approve and logs it.
Compliance Framework Alignment
NIST AI Risk Management Framework
Govern, Map, Measure and Manage functions
| Requirement | How Axiom Addresses It |
|---|---|
| Govern: establish accountability for AI risk | ✓ Governance framework with named human decision-makers at every checkpoint. Accountability is built into the system design. |
| Map: identify and classify AI risks | ✓ Content tier classification and access model map risk by data sensitivity and user clearance level from day one. |
| Measure: evaluate AI system performance and risk | ✓ Audit logging captures all interactions for ongoing review. Prosperity Path conducts regular governance reviews against defined criteria. |
| Manage: prioritise and respond to AI risks | ✓ Human checkpoint framework ensures all material governance decisions are escalated, reviewed and actioned by authorised personnel. |
ISO 42001: AI Management Systems
International standard for responsible AI management
| Requirement | How Axiom Addresses It |
|---|---|
| AI policy and objectives | ✓ Governance framework documentation defines objectives, acceptable use boundaries and policy for AI knowledge retrieval. |
| Risk assessment and treatment | ✓ Tier-based access control and closed-world retrieval are designed responses to identified AI risks at the system layer. |
| Transparency and explainability | ✓ Mandatory source citations on every answer. Audit trail available on request. No opaque or unattributable outputs. |
Australian Privacy Act 1988
Including the Australian Privacy Principles (APPs)
| Requirement | How Axiom Addresses It |
|---|---|
| Collection limitation and purpose specification | ✓ Knowledge base ingestion is scoped to defined purposes. No data is ingested beyond the agreed knowledge architecture. |
| Access and security safeguards | ✓ Role-based access control enforced at the retrieval layer. Personal and sensitive information is tier-tagged and restricted accordingly. |
| Accountability | ✓ Full audit trail provides the record of who accessed what and when. Prosperity Path maintains compliance documentation for your engagement. |
ISO 27001: Information Security Management
Controls for information security and access management
| Requirement | How Axiom Addresses It |
|---|---|
| Access control | ✓ Tier-based access model enforces least-privilege retrieval. Users access only the content their role authorises. |
| Logging and monitoring | ✓ Structured audit logging of all interactions with retention and on-request reporting to support security monitoring requirements. |
Ready to Get Started
See engagement options tailored to your organisation's size, complexity and compliance requirements.