- 31 Oct 2024
- 1 Minute to read
- Print
- DarkLight
Shared responsibility model
- Updated on 31 Oct 2024
- 1 Minute to read
- Print
- DarkLight
The following table shows the roles and responsibilities for guaranteeing the continuity of vital components of the service, deriving from the business impact analysis.
Actors | Board International | Customer |
---|---|---|
Component | ||
Data Center Redundancy | ||
Physical Infrastructure countermeasures | ||
Board tenant Service Redundancy | ||
Board tenant Service Backups | ||
Customer application Business Continuity* | ||
Customer application Data Backups** | ||
Application level security measures*** | ||
Customer Data Encryption | ||
SaaS Cyber-attack countermeasures |
Customer applications developed by the customer (Board Data models, Capsules, and Procedures) should be designed and implemented in accordance with best practices, considering the business continuity requirements of the application (i.e. the customer is responsible for testing changes to the data model and capsules before deployment into production).
** The customer is required to manage their own applications’ data and perform data backups
*** The application security layer is designed and developed by the customer during the implementation.
The customer is responsible for:
granting new user access and ascertaining that terminated employees have no access to the System, revoked in a timely manner
ascertaining that written process instructions for the administration of authorizations exist and include responsibilities, authorization instructions, and authorization administration
regularly reviewing the user profiles and the access activities associated to the accounts
guaranteeing, by all actors involved, timely intervention in case anomalies occur in their areas of responsibility.