Security
Overview
Ready for the SCA is designed to protect sensitive training and assessment data for GP training programmes. Our approach focuses on practical controls across authentication, access, storage and infrastructure.
Authentication
User authentication is provided through Firebase Authentication. Secure login flows and session handling are used to help protect account access across organisation, examiner, trainee and actor roles.
Access control
Access is role-based, with permissions aligned to organisation admin, examiner, trainee and actor duties. Organisation-level data separation is applied so users access only data relevant to their programme and role.
Data protection
Data is transmitted over encrypted HTTPS connections and stored using Google Cloud services with encryption at rest. Assessment and feedback data is handled for training and assessment workflows only.
Video security
Live consultations are delivered through LiveKit with token-based access controls. Only authorised participants can join active sessions. Consultations and recordings are not publicly accessible.
Infrastructure
The platform is hosted on Google Cloud and Firebase infrastructure using industry-standard security practices and managed platform controls.
Monitoring and response
Security issues are monitored and addressed promptly. Where needed, remediation actions are prioritised to reduce risk and restore expected safeguards.
Platform scope
Ready for the SCA is a training and assessment tool. It is not intended for real patient care or clinical decision-making.