Architecture-First Governance
Crucible AI is an on-premise compliance monitoring platform. It runs entirely on a facility-owned device inside the client network. No client data is transmitted to WalkerNash or any cloud service. This architectural decision is the foundation of our governance model -- privacy and security are enforced by design, not by policy alone.
Zero Data Transmission
Client data never leaves the facility network. No cloud inference, no external API calls, no telemetry. The LLM runs locally on CPU.
Data Sovereignty
The facility owns all data on the Crucible device. WalkerNash has no copy, no remote access, and no cloud backup of client information.
Data Minimization
The Chrome extension strips sensitive identifiers at the point of capture per the HIPAA Minimum Necessary Rule. Only operational event data is retained.
Air-Gap Capable
Crucible operates fully offline with no internet phone-home requirement. Regulatory knowledge is pre-packaged and shipped with the device.
NIST AI Risk Management Framework Alignment
We voluntarily align with the NIST AI RMF to demonstrate structured, responsible governance of our AI system. The framework organizes AI risk management into four functions.
| NIST Function | Requirement | Crucible Implementation | Status |
|---|---|---|---|
| GOVERN: Ownership & Accountability | AI system ownership defined | CEO owns product decisions. COO orchestrates operations. Each AI function has defined scope and escalation rules. | Satisfied |
| | Policies prohibit fabrication | Anti-fabrication policy enforced across all AI outputs. Every compliance claim must cite a specific enforcement case by entity name, year, and penalty. | Satisfied |
| | Roles and responsibilities documented | Operations manual defines each role, autonomy boundaries, and escalation triggers. BAA structure documents vendor obligations. | Satisfied |
| | Risk tolerance defined | Crucible provides advisory information only. Human operators review all AI output and make compliance decisions. No autonomous actions. | Satisfied |
| MAP: System Inventory & Context | AI system inventory | Single model documented with benchmarks: local AI model running on-premise hardware. No GPU required. Model selection rationale recorded. | Satisfied |
| | Data flow documented | Two-system architecture: walkernash.ai (public, no PHI) and Crucible (on-premise, handles operational data). Chrome extension data flow and stripping rules specified. | Satisfied |
| | Use cases defined | Compliance guidance, enforcement monitoring, regulatory alerts, survey readiness. No hiring, lending, diagnosis, or consequential individual decisions. | Satisfied |
| MEASURE: Testing & Evaluation | Model quality benchmarked | Compliance-specific prompt suite tested across candidate models. Baseline accuracy documented against regulatory knowledge tasks. | Satisfied |
| | Performance monitoring | Response latency tracked on target hardware. Model evaluated against multiple alternatives before selection. | Satisfied |
| | Ongoing evaluation program | New model releases evaluated against compliance benchmark as they become available. Model can be upgraded without changing architecture. | In Progress |
| MANAGE: Action & Response | Incident response defined | Breach risk profile documented. On-premise architecture eliminates cloud breach vectors. Secure erase procedures for device returns. | Satisfied |
| | Human oversight maintained | All AI output is advisory. Staff review Crucible guidance before taking action. Role-based access controls with five tiers documented. | Satisfied |
| | Vendor obligations documented | BAA based on HHS recommended template. WalkerNash obligations: protect PHI, no unauthorized access, no new PHI exposure in updates, audit support. | Satisfied |
| | Data handling at termination | Facility data remains accessible after license expiry. WalkerNash IP encrypted with AES-256 and deactivated. Zero vendor lock-in on client data. | Satisfied |
Why Most Certifications Do Not Apply
Crucible's on-premise architecture eliminates the need for certifications designed for cloud-based data processors.
- SOC 2 -- Not applicable. We do not process, store, or transmit customer data through our infrastructure.
- HIPAA BAA -- Our architecture means healthcare clients can deploy Crucible without triggering Business Associate requirements for cloud data handling.
- FedRAMP -- Not applicable. Crucible is not a cloud service.
- PCI DSS -- Not applicable. We do not handle payment card data.
- GDPR -- Not applicable for US deployments. No EU personal data processing.
These are not gaps in our compliance posture. They are the direct result of an architecture designed so that your data never leaves your building.
Encryption and Security
- Client data stored in local SQLite database on the facility device. Always accessible to the facility, even after license expiry.
- Regulatory corpus encrypted with AES-256 at rest. Encryption key derived from license token plus WalkerNash master secret.
- No internet dependency -- system operates fully air-gapped. No phone-home, no telemetry, no usage tracking.
- Role-based access controls with five tiers: Staff, Charge Nurse, DON, Administrator, IT Admin. All access logged locally for audit review.
Responsible AI Commitments
- Human-in-the-loop -- Crucible provides compliance guidance. Humans make all compliance decisions. The AI never takes autonomous action.
- Transparency -- All enforcement data cites primary government sources with verifiable URLs. No proprietary black-box risk scores.
- Anti-fabrication -- Every compliance claim must reference a specific enforcement case by entity name, year, and penalty amount.
- Model-agnostic -- Crucible is not locked to any single AI provider. The LLM can be upgraded or replaced without changing the architecture.
- Data minimization -- Sensitive identifiers are stripped at the point of capture. Only operational event metadata is retained.