Skip to content
AlignSure Docs

Role Architecture

AlignSure’s role architecture ensures every compliance action is performed by an authorized, identified individual with clear accountability.

Role Hierarchy

Section titled “Role Hierarchy”
Administrator
    └── Owner
         └── Reviewer
              └── Contributor

Administrator

Section titled “Administrator”
  • Configures tenant settings, framework selection, and integration connections
  • Manages user role assignments
  • Accesses all audit logs and system-level reports
  • Cannot be assigned by users — requires AlignSure system configuration

Owner

Section titled “Owner”
  • Accountable for compliance outcomes within a specific domain
  • Receives escalations when reviewers flag issues or deadlines are missed
  • Approves final evidence packages for audit submission
  • Views all data within their assigned compliance domain

Reviewer

Section titled “Reviewer”
  • Subject matter expert who validates evidence and documents
  • Performs reviews within the Reviewer Workspace
  • Signs attestations that become part of the audit trail
  • Scoped to specific compliance domains (HIPAA, workers’ comp, COI, etc.)

Contributor

Section titled “Contributor”
  • Submits documents and data for compliance review
  • Responds to validation requests from reviewers
  • Views their own submissions and status
  • Cannot approve, reject, or attest to compliance evidence

Reviewer Specializations

Section titled “Reviewer Specializations”

Reviewers are further classified by domain expertise:

SpecializationDomainTypical Title
AttorneyLegal compliance, BAA, contractsGeneral Counsel, Compliance Attorney
Safety AdvisorOSHA, essential duties, hazardsSafety Director, EHS Manager
Insurance AdvisorCOI, workers’ comp, premiumsRisk Manager, Insurance Coordinator
Medical ProviderTreatment plans, RTW, recoveryOccupational Health Physician, Nurse Case Manager

Identity Binding

Section titled “Identity Binding”

All roles are tied to Microsoft Entra ID accounts. This means:

  • No local AlignSure accounts — if a user loses Microsoft access, they lose AlignSure access
  • Role changes are logged with the administrator’s identity and timestamp
  • Terminated users are automatically deactivated when removed from Entra ID
  • Group-based assignment is supported for organizations using Entra ID security groups