Trust Center
Built for the people who have to answer the examiner.
AXIOM is in founding pilot phase. This page is an honest accounting of what is live today, how the platform is built, and how the architecture maps to SR 11-7 model risk management expectations. Where something is in progress rather than shipped, we say so.
Security controls
- Server-side authentication, fail-closed by default [Live] — Express-session managed authentication. Session cookies marked secure in production. No client-side trust assumptions.
- Row-level multi-tenancy isolation [Live] — Organization-scoped data access enforced at the middleware layer. Cross-tenant queries fail closed.
- API key protection for internal microservices [Live] — The decision engine microservice requires a shared secret on every inbound request. No anonymous access.
- Sanitized error messages [Live] — Production responses never leak stack traces, internal paths, or database identifiers.
- Append-only decision records [Live] — Decisions are immutable once recorded. Any change creates a new version with a complete diff. Nothing is ever overwritten.
- Complete audit trail for every action [Live] — All recorded actions are timestamped, attributed to a named human, and retained as part of the decision lineage.
- Encrypted data at rest and in transit [Live] — PostgreSQL with provider-level encryption at rest. TLS for all client and service-to-service communication.
- SOC 2 readiness program [In progress] — Currently in founding pilot phase. We do not claim certification. SOC 2 Type 1 audit planned ahead of general availability.
Platform architecture
- Append-only decision store — PostgreSQL with Drizzle ORM. Decisions, assumptions, approvals, and evidence are stored as versioned, immutable records. Schema is opinionated for SR 11-7 evidence reconstruction.
- Decision Intelligence engine (axiom-council) — Standalone TypeScript microservice. Houses the reasoning modes, contradiction detector, assumption drift tracker, evidence sufficiency checker, and verdict builder. Authenticated by shared secret. Can be deployed in customer VPC under enterprise terms.
- Deterministic scoring layer — All Decision Debt scores, drift signals, and contradiction severities are computed deterministically. No Math.random, no volatile model outputs in scoring. The same inputs always produce the same score.
- AI as advisory only — AI outputs are surfaced as advisory inputs. Every recorded decision requires a human signature. AI never acts as the approver.
- Identity and accountability — Every decision has exactly one accountable human owner and one final approver, recorded by identity. Service accounts cannot approve decisions.
- Audit reconstruction layer — Any decision can be reconstructed end-to-end on demand: lineage, prior versions, frozen evidence bundle, approval chain, and AI advisory history. Exportable as a single artifact for examiner review.
SR 11-7 alignment
- Sufficient model documentation — Every recorded decision captures rationale, alternatives considered, and the evidence bundle the decision rested on. Reconstructable without tribal knowledge.
- Designated accountable owner — Single accountable owner field is required on every decision. Ownership changes generate explicit drift signals and new decision versions.
- Assumptions identified and monitored — Assumptions are first-class records with explicit revalidation triggers (date, event, or metric threshold). Drift across the decision graph is surfaced automatically.
- Effective challenge — Append-only versioning preserves every challenge, counter-argument, and revision. Critic-stack outputs are retained. Verdict history is fully diffable.
- Ongoing monitoring — Revalidation triggers fire on the cadence or condition the assumption was recorded with. Contradictions across related decisions are surfaced as system-generated signals.
- Model inventory — Decision graph maps upstream and downstream dependencies for every recorded decision. Inventory is a navigable byproduct of the lineage, not a separate spreadsheet.
SR 11-7 is the Federal Reserve and OCC supervisory letter on model risk management. This is a design alignment statement, not a regulatory endorsement.
Responsible disclosure
Suspected vulnerabilities can be reported to security@axiomdecisionlayer.com. We respond within two business days.