Shared responsibility model

The shared responsibility model simplifies security policies and requirements into a single summary.

It tells you what you are responsible for, and what assurances D2S provides.

During onboarding, your team must confirm the names of:

  • the application owner who has overall responsibility
  • the security lead who is accountable for security documentation

Your responsibilities

You are responsible for what’s in the application. This includes:

  • application design, code and build
  • DevOps pipeline setup and code management
  • application deployment and production management
  • application support, backup and sustainability
  • application assurances and testing
  • security logging and monitoring
  • vulnerability management

Diagram showing the application owner's responsibility model under the Roles shared responsibility model


D2S responsibilities

D2S is responsible for platform evolution, management and security, including:

  • source code management tooling
  • the CI/CD pipeline
  • DevOps tooling and pattern blueprints
  • image repository provision/synchronisation
  • platform support, scaling and resiliency
  • application security assurance packs
  • platform security monitoring and logging
  • software development life cycle tools such as production attestation

Diagram showing D2S responsibility model under the Roles shared responsibility model


MODCloud responsibilities

MODCloud is responsible for hardware and infrastructure, including:

  • compute
  • storage
  • networking
  • infrastructure security and monitoring

Diagram showing MODCloud responsibility model under the Roles shared responsibility model