.png)
Security Criteria (25%)
Rate vendors 1-5 on: zero-history architecture, PII redaction capabilities, guardrail sophistication, encryption standards, on-premises option, SOC 2 certification, penetration testing frequency, incident response SLA, and vulnerability disclosure program.
Compliance Criteria (25%)
Rate on: GDPR compliance, HIPAA readiness, SOX compatibility, EU AI Act alignment, NIST AI RMF coverage, audit log exports, data sovereignty controls, BAA availability, and DPA terms.
Capability Criteria (25%)
Rate on: number of AI models, model routing intelligence, RAG/knowledge base, SSO integration, department management, budget controls, API access, customization options, and user experience.
Cost & Support (25%)
Rate on: pricing transparency, cost normalization, budget controls, billing granularity, support response time, documentation quality, onboarding assistance, community resources, and roadmap visibility.