Security and vendor posture, on the record.

What enterprise procurement needs before they sign. Honest, current, in plain English.

Data residency

Where your data sits, and what crosses borders.

Customer data sits in Singapore by default (AWS ap-southeast-1 or GCP asia-southeast1). For regulated workloads or in-country requirements, we can elect Indonesia (Jakarta) or Malaysia (Kuala Lumpur) regions. The only data that crosses borders is ephemeral inference traffic when a model API is foreign-hosted, and that case is flagged in the proposal so procurement signs off before a single token leaves the region. In-country deployments are available on Deploy and Evolve tiers; quoted on request for Accelerate.

DPA terms

A DPA template you can sign, or yours we can redline.

DPA template available on request. GDPR and PDPA aligned, drafted with input from Singapore and EU counsel. Happy to redline yours if your legal team prefers.
Subprocessor list maintained. Updated on every change, shared on request, with opt-out paths for individual subprocessors documented in the agreement.
Breach notification within 72 hours. Aligned with PDPA and GDPR Article 33. Contact tree, communication template, and incident-response runbook are part of the SOW.
Data deletion on engagement end. Production data, training artifacts, and code repositories are handed back or destroyed within 30 days, with a signed certificate of deletion.
SLA terms

Response-time SLAs vary by tier. Uptime is scoped per engagement.

Accelerate is best-effort same-day response. Deploy is 4-hour P1 / next-business-day P2 (the full grid lives on the Deploy page). Evolve carries custom SLAs negotiated against your platform and on-call coverage. Uptime targets are scoped per engagement and committed in the SOW. We don't quote a generic "99.9%" because the number is meaningless without context: which platform, which dependency, which region, which time zone.

Certifications

Honest about what we have, and what we don't.

EIS is not SOC2 or ISO 27001 certified at the firm level. We're a boutique team on an 18-month roadmap to firm-level audit. The current model leans on partner-cloud inheritance (AWS, GCP, and Azure carry SOC2 and ISO 27001 for hosted workloads), plus an AI-governance posture stronger than most. If your procurement requires SOC2 firm-level today, we're not the right vendor yet. If you can accept the partner-cloud inheritance plus our AI-governance posture, we ship.

AI Verify (Singapore). Assessments mapped against IMDA's framework. We produce the report your regulator will accept on first submission.
MAS FEAT alignment. Required for FS engagements in Singapore. Built into ASSESS and ARCHITECT phases.
NIST AI Risk Management Framework. Mapped across Govern, Map, Measure, Manage in our governance docs. Increasingly the global standard.
OWASP LLM Top 10. Threat-modelled in code review. Prompt injection, data poisoning, model theft, and sensitive-data disclosure hardened at the architecture level.
Vendor questionnaire

Pre-filled answers, two-business-day turnaround.

Pre-filled answers to the standard banking-procurement questionnaire are available, CAIQ-aligned (Cloud Security Alliance's Consensus Assessments Initiative). Turnaround is within 2 business days from receipt. Reference customers in financial services, healthcare, and government are available under NDA. Send your questionnaire to hello@eis.sg with your procurement team CCed.

FAQ

Frequently asked, by procurement.

What enterprise security and procurement teams ask before they sign.

Q01. Where does our data live?
Singapore by default (AWS ap-southeast-1 or GCP asia-southeast1). For in-country requirements, we can elect Indonesia (Jakarta) or Malaysia (Kuala Lumpur) regions. Foreign-hosted model APIs are flagged in the proposal so procurement signs off before any token leaves the region.
Q02. Are you SOC2 certified?
Not at the firm level today. We're on an 18-month roadmap to SOC2 Type II. Current posture leans on partner-cloud inheritance (AWS, GCP, and Azure carry SOC2 and ISO 27001 for hosted workloads). If your procurement requires SOC2 firm-level today, we're not the right vendor yet.
Q03. Can we sign your DPA template?
Yes. Email hello@eis.sg and we'll send the template within one business day. GDPR and PDPA aligned, drafted with Singapore and EU counsel. Or send yours and we'll redline.
Q04. What's the breach notification timeline?
Within 72 hours of discovery, aligned with PDPA and GDPR Article 33. Contact tree, communication template, and incident-response runbook are part of the SOW. We share a redacted post-mortem within 14 days.
Q05. Will you sign our security questionnaire?
Yes. Pre-filled CAIQ-aligned answers are available. Turnaround is 2 business days from receipt. Reference customers in financial services, healthcare, and government are available under NDA.
Q06. What about model output liability?
Standard liability caps in our MSA, with carve-outs for IP indemnification and data breach. Model output is treated as derived work. Output review and human-in-the-loop steps are scoped per engagement. We don't claim liability for hallucinated content where a human-in-the-loop step was contractually waived.

Bring procurement in early.

We'd rather get the security review out of the way upfront than discover a blocker eight weeks in. Email hello@eis.sg with your questionnaire, or book a 30-minute review.