Governance & Compliance
Governance Overview

Governance Overview

Xilos provides enterprise-grade governance features that give you control over compliance, data residency, auditability, and access. These features ensure that AI usage in your organization is secure, compliant, and accountable.

Governance Pillars

  • Compliance Frameworks — Xilos supports HIPAA, GDPR, and SOC 2 compliance with built-in controls.
  • Data Residency — Control where your data is stored — US, EU, APAC, or on-premise.
  • Audit Trail — Every query, routing decision, and configuration change is logged and searchable.
  • Role-Based Access — Three roles — SuperAdmin, Org Admin, and User — with scoped permissions.
  • SIEM Integration — Forward governance events to your SIEM platform in CEF, Syslog, or JSON format.
  • Restriction Rules — Block, mask, or flag queries that violate your security policies.

How Governance Works

Every request processed by Xilos passes through the governance pipeline:

  1. Authentication — The request is authenticated via Bearer token or virtual key.
  2. Restriction check — Restriction rules evaluate the query for blocked, masked, or flagged content.
  3. Routing decision — The routing rule selection is logged with the query.
  4. Processing — The query is processed and the response is generated.
  5. Quality scoring — Faithfulness and relevance scores are computed and logged.
  6. Audit logging — The full request-response cycle is written to the audit trail.

All of these steps are automatic and require no additional configuration beyond setting up your restriction rules and routing rules.

What This Means for You

  • Compliance teams get a complete audit trail of every AI interaction, exportable to SIEM.
  • Security teams can enforce policies with restriction rules and monitor for violations.
  • Data officers can configure data residency to meet regional requirements.
  • Administrators can scope access with role-based access control and virtual keys.
  • Auditors can search the audit trail and export evidence for compliance reviews.

Info: Governance features are available across all deployment options. On-Premise deployments give you the additional benefit of full data sovereignty — no data leaves your premises.

Next Steps