AIM
Architectural Insight for Modernization
Teams, Roles & Access
AIM is built for teams. Every organization gets a structured access model with six roles spanning technical, procurement, and oversight functions — with guest collaboration for external stakeholders and a full audit trail for owners and admins.
1How Organizations Work
Every AIM account belongs to an Organization. An org is the shared workspace where your team creates assessments, manages projects, and generates reports. Think of it as your agency's or company's dedicated instance of AIM.
Your subscription plan (Pilot, Org–Small, Org–Medium, or Org–Large) is attached to the organization, not to individual user accounts. Your team shares a pool of:
- ›Seats — Licensed named users who can log in and work within your org
- ›Assessments — The total number of projects your org can create (Unlimited on Org-Large)
- ›Snapshot Credits — Credits consumed by AI-powered report generation
You can view your org's live usage at any time from Dashboard → Team & Usage.
2Seats vs. Guest Collaborators
Org Seat Holders
Named users invited into your organization. They log in with their own AIM account, persist across all assessments, and hold an org-level role (Owner, Admin, Engineer, Program Analyst, Reviewer, or Viewer).
- ✓ Full AIM account login
- ✓ Access to all org assessments (per role)
- ✓ Count against your seat quota
- ✓ Appear in org team management
Assessment Guest Collaborators
External stakeholders (vendors, contractors, clients) invited to a single specific assessment via email. They authenticate with a one-time code and do not hold an org seat.
- ✓ Email OTP login — no AIM account required
- ✓ Scoped to one assessment only
- ✓ Do not consume org seats
- ✓ Access tracked in the assessment audit log
- ✗ Cannot create or manage anything
Only Owners and Admins can invite guest collaborators. Guest limits are set by your plan — see Plans & Pricing.
3Organization Roles
Full control. Assigned automatically to the account that created the organization.
Federal: CIO / PEO · Healthcare: CIO / CMO · Education: CIO / Superintendent · Enterprise: CTO
Can Do
- ✓Create, edit, archive, and permanently delete assessments
- ✓Invite, manage, and remove all org members
- ✓Manage billing, upgrade plan, and purchase capacity packs
- ✓View org-wide activity and audit logs
- ✓Invite and revoke assessment guest collaborators
- ✓Generate and export all document types
- ✓Use Document Translator — initiate, edit, and finalize
- ✓Configure org settings
- ✓Activate Pulse Sustainment Mode for any completed Pulse implementation
- ✓Configure CCB membership and voting thresholds
- ✓View and export Pulse Sustainment reports
- ✓Manage Pulse Sustainment notification policy
Operational co-owner. Trusted team leads who manage day-to-day operations without billing access.
Federal: Deputy CIO / IT Director · Healthcare: IT Director · Education: Deputy Superintendent · Enterprise: Engineering Director
Can Do
- ✓Create, edit, and archive assessments
- ✓Invite and manage org members (cannot remove Owner)
- ✓View org-wide activity and audit logs
- ✓Invite and revoke assessment guest collaborators
- ✓Generate and export all document types
- ✓Use Document Translator — initiate, edit, and finalize
- ✓Activate Pulse Sustainment Mode for any completed Pulse implementation
- ✓Configure CCB membership and voting thresholds
- ✓View and export Pulse Sustainment reports
Cannot Do
- ✗Manage billing or change subscription plan
- ✗Delete the organization
Technical AIM operator. Runs assessments, operates all analysis engines, and generates technical reports (White Paper, Modernization Report). Procurement document generation requires a Program Analyst seat.
Federal: Systems Engineer / IT Architect · Healthcare: Clinical Systems Engineer · Education: Infrastructure Lead · Enterprise: Solutions Architect
Can Do
- ✓Create new assessments and manage system inventory
- ✓Run all analysis engines (RAO scoring, constraint normalization, risk calculation, architecture diagrams)
- ✓Generate technical reports: White Paper, Modernization Report
- ✓View org members list
- ✓Submit change requests to the Change Control Board (CCB)
- ✓Log technical configuration changes against the as-built baseline
- ✓Respond to drift alerts with remediation notes
Cannot Do
- ✗Generate procurement documents (RFP, IGCE, Market Research, Acquisition Strategy) — requires Program Analyst
- ✗Use Document Translator — requires Program Analyst
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗Approve or flag documents in the review queue
- ✗View activity logs or audit trails
- ✗Manage billing
Procurement and acquisition operator. Generates procurement documents and uses the Document Translator to fill agency-specific templates. Cannot create assessments or run technical engines.
Federal: Program Manager / COR · State/Local: Procurement Officer · Healthcare: IT Project Manager · Education: Purchasing Coordinator · Enterprise: Business Analyst
Can Do
- ✓Generate procurement documents: RFP, IGCE, Market Research Report, Acquisition Strategy
- ✓Use Document Translator — upload agency templates, fill fields, edit and finalize translated documents
- ✓View all assessments and their outputs
- ✓Export previously generated PDFs and documents
- ✓Maintain the post-award procurement action register
- ✓Log procurement actions against the original IGCE for variance tracking
- ✓Receive procurement variance alerts
Cannot Do
- ✗Create or edit assessments
- ✗Run technical analysis engines (RAO scoring, constraint normalization, architecture diagrams)
- ✗Generate technical reports (Modernization Report, White Paper)
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗Approve or flag documents in the review queue
- ✗View activity logs or manage billing
Independent document approver and Change Request closeout signer. Reviews, approves, or flags AIM-generated documents and signs off on Pulse Sustainment Change Request closeouts. Does not attest Pulse or PSM milestones — that responsibility is reserved for the named Designated/Backup Lead (Owner/Admin/Engineer) to preserve separation of duties.
Federal: Legal Counsel / Independent Reviewer · Healthcare: Compliance Officer · Education: Academic Affairs · Enterprise: QA Lead / Change Advisory Board
Can Do
- ✓View all assessments and their outputs
- ✓Access the org-wide document review queue
- ✓Approve or flag generated reports, procurement docs, and translated documents
- ✓Vote on Pulse Sustainment Change Requests when included in a CCB slate
- ✓Attest Change Request closeouts (sign off that the change was actually delivered)
- ✓Export previously generated PDFs
- ✓Vote via email reply for CCB requests (no login required)
- ✓Receive CCB voting reminders and decision summaries
Cannot Do
- ✗Create or edit assessments
- ✗Run analysis engines or generate any documents
- ✗Use the Document Translator
- ✗Be named Designated or Backup Lead on a Pulse or PSM record
- ✗Attest Pulse or PSM milestone completions (Lead-only)
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗View activity logs or manage billing
Read-only stakeholder. Views assessments, reports, and the Pulse dashboard. Cannot generate, modify, or approve anything.
Federal: Congressional Liaison / Oversight Staff · Healthcare: Department Director · Education: Faculty Lead / Board Member · Enterprise: Product Manager
Can Do
- ✓View all assessments and their results
- ✓Read existing reports and recommendations
- ✓Monitor the Pulse implementation dashboard
- ✓Export previously generated PDFs
- ✓View the Pulse Sustainment dashboard
- ✓Receive quarterly stakeholder digest emails (opt-in)
- ✓View drift reports and compliance posture (read-only)
Cannot Do
- ✗Create or edit assessments
- ✗Run analysis engines
- ✗Generate new documents or use the Translator
- ✗Approve or flag documents
- ✗Invite collaborators of any kind
- ✗View activity logs
4Permissions at a Glance
| Action | Owner | Admin | Engineer | Prog. Analyst | Reviewer | Viewer |
|---|---|---|---|---|---|---|
| Create & edit assessments | ||||||
| Manage system inventory | ||||||
| Run technical analysis engines | ||||||
| Generate White Paper | ||||||
| Generate Modernization Report | ||||||
| Generate RFP | ||||||
| Generate IGCE | ||||||
| Generate Market Research Report | ||||||
| Generate Acquisition Strategy | ||||||
| Use Document Translator | ||||||
| Review & approve documents | ||||||
| Be named Pulse / PSM Designated Lead | ||||||
| Attest Pulse / PSM milestones (Lead-only for Engineers) | ||||||
| Activate Pulse Sustainment Mode | ||||||
| Configure CCB membership | ||||||
| Submit change requests | ||||||
| Vote on CCB change requests | ||||||
| Attest Change Request closeouts | ||||||
| Log configuration changes | ||||||
| Log procurement actions | ||||||
| View Pulse Sustainment dashboard | ||||||
| Export Pulse Sustainment reports | ||||||
| Export PDFs (existing documents) | ||||||
| Invite org members | ||||||
| Remove org members | ||||||
| Invite guest collaborators | ||||||
| View activity & audit logs | ||||||
| Manage billing & plan | ||||||
| Delete organization |
5Activity & Audit Logs
Org-Wide Activity Log
Available to Owners and Admins on all plans at Dashboard → Team → Activity Log. Shows a timeline of all org-level events:
- › User invitations sent and accepted
- › Assessments created
- › Guest collaborator invite and access events
Assessment-Level Access Log
Inside any assessment, Owners and Admins can open the Collaborators panel and switch to the Access Log tab to see:
- › Who was invited (guest email, role)
- › Email verification events (pass/fail)
- › Session start timestamps and IP addresses
- › Access revocations
6Team Limits by Plan
| Feature | Pilot | Org – Small | Org – Medium | Org – Large |
|---|---|---|---|---|
| Seats (named users) | 1 | 5 | 15 | 50 |
| Assessments | 3 | 15 | 50 | Unlimited |
| Guest collaborators / assessment | 0 | 3 | 5 | 10 |
| Activity & audit logs | Owner/Admin | Owner/Admin | Owner/Admin | Owner/Admin |
| Assessment access log | Owner/Admin | Owner/Admin | Owner/Admin | Owner/Admin |
| MFA for guest OTP | — | Yes | Yes | Yes |
| Pulse Sustainment Mode (PSM) | — | Included | Included | Included |
Need more seats or assessments? View Plans & Pricing or contact us for a custom Enterprise quote.
7Pulse Sustainment Mode (PSM)
When a modernization implementation is complete, Pulse Sustainment Mode (PSM) activates to track the system through its operational life — change board decisions, configuration drift, procurement renewals against the original IGCE, and compliance posture over time.
PSM uses the same six-role model. The Reviewer role is the natural fit for Change Control Board (CCB) voting members — Reviewers attest CCB decisions through the same workflow they already use for Pulse implementation milestones. Reviewers can also vote directly from email without logging in, which makes CCB participation practical for executive Reviewers (CIO, CISO, Chief Compliance Officer) who do not need to live inside a SaaS dashboard to do their CCB job.
PSM is included with Org-Small, Org-Medium, and Org-Large plans. It is not available on the Pilot (Single-User) plan. There is no separate license fee — sustainment tracking is part of your Org subscription.
Segment-aware terminology
- › Federal: Configuration Control Board (CCB)
- › Healthcare: Change Advisory Board (CAB)
- › Commercial & Education: Change Management
- › Financial: Change Control
Same engine, segment-appropriate labels. AIM determines which terminology to use from your organization's sector setting.
8Common Questions
Can a Viewer generate a report?
No. Viewers can read existing reports and export previously generated PDFs, but they cannot trigger new report generation, run analysis engines, or modify any assessment data.
Can an Engineer or Program Analyst invite a guest collaborator to their assessment?
No. Only Owners and Admins can invite or revoke guest collaborators. Engineers and Program Analysts can create and work assessments, but external access management requires an elevated role.
Can someone be a Viewer in the org but a collaborator on a specific assessment?
Yes. Org roles and assessment guest collaborators are separate concepts. An org Viewer has read-only access to all assessments as a seat holder. A guest collaborator has email-OTP access to a single assessment but does not hold a seat. The same person could technically be both.
How does guest collaborator authentication work?
When an Owner or Admin invites a guest, AIM sends a secure invite link to the email provided. When the guest opens the link, they receive a one-time passcode (OTP) to verify their identity. Sessions are time-limited and revocable at any time. All access events are logged in the assessment audit trail.
What happens when a guest invite expires?
Pending guest invites expire automatically after the configured window (default 7 days). The daily cleanup job marks expired invites and logs an expiry event in the audit trail. Guests with expired invites must be re-invited to regain access.
Who can change a member's role?
Owners can change any member role including other Admins. Admins can change the role of Engineers, Program Analysts, Reviewers, and Viewers but cannot modify the Owner role.
Does Pulse Sustainment Mode cost extra?
No. Pulse Sustainment Mode (PSM) is included with all Org plans (Org-Small, Org-Medium, Org-Large). It is not available on the Pilot (Single-User) plan. When AIM’s agentic operations capabilities ship in the future, those will be a separate, opt-in tier — but the underlying sustainment tracking remains free for all Org-tier customers.
Can a Reviewer vote on a CCB change request without logging in?
Yes. Reviewers receive an email when a vote is required and can reply directly with their vote (approve / defer / reject) and rationale. AIM parses the reply, attests the vote cryptographically, and logs it to the audit trail. This makes CCB participation practical for executive Reviewers (CIO, CISO, Chief Compliance Officer, Compliance Officer) who do not need to live inside a SaaS dashboard to do their CCB job.
What happens to the implementation Pulse when sustainment activates?
The implementation Pulse is frozen and becomes the canonical "as-built" baseline that PSM tracks drift against. It remains viewable in read-only mode forever — it does not disappear, it becomes the source of truth for what was originally delivered.
Ready to set up your team?