EdAI's security architecture was designed from day one for the compliance, access control, and audit requirements of medical certification boards. Not bolted on. Built in.
The AI content generation platform and the secure question bank operate in separate environments. There is no direct API connection, no shared database, no automated transfer between them. Generated content moves to the banking environment manually and deliberately — ensuring that every item passes through human review before entering the active bank. This separation is by design, not by limitation.
Where AI modules create content from board-approved sources. Accessible to content curators and administrators.
Where examiners review, edit, approve, and finalize items. Independent infrastructure with its own access controls and audit logs.
High-stakes certification examinations require absolute confidence in candidate identity and examination integrity. EdAI's test administration platform combines biometric identity verification with dual-layer proctoring — AI surveillance working alongside human proctors — to deliver secure remote examinations at scale.
Candidates authenticate through biometric verification before and during examination. The right person takes the right exam.
Continuous AI monitoring detects anomalies — environmental changes, behavioral patterns, unauthorized materials — in real-time.
Trained proctors receive AI-flagged escalations and exercise judgment on ambiguous situations. Technology assists; humans decide.
The platform supports up to 200 simultaneous remote examinations with consistent security and performance across all sessions.
A 6-tier role hierarchy ensures the right people have the right access — no more, no less.
Full platform control. User management, module activation, system configuration.
Board-level administration. User management, content oversight, analytics access.
Content creation and curation. Module access for generating and reviewing educational materials.
Certified members. Access to CME, assessments, educational resources assigned by their board.
Trainees in fellowship programs. Access to training materials and supervised educational tools.
Limited access for research purposes. Read-only access to approved materials.
Permission Matrix: Every role has granular permissions across module access, content management, user administration, and system settings. Permissions are inheritable — higher roles include all permissions of lower roles.
Every action on the platform is logged — user, timestamp, action, context. Content changes track full version history with who changed what and why. Access logs record every login, every module interaction, every data export. This isn't just good practice — it's table stakes for medical certification boards accountable to ABMS standards.
Every user action recorded with full context. Searchable, exportable, and retention-policy compliant.
Multi-tenant architecture ensures complete data separation between boards. Each board's content, users, and configuration are fully isolated.
Boards toggle modules on or off as needed. Deactivation hides the module from users but preserves all data for reactivation.
EdAI runs on Google Cloud Platform with Firebase infrastructure. Data encrypted at rest and in transit. Automated backups. Role-based security rules enforced at the database level.
Schedule a security review with Dr. Ferguson. We'll walk through the architecture, access controls, and compliance documentation specific to your board's requirements.
Schedule a Security ReviewGet early access to the platform. We'll notify you when demo access opens.