Shared responsibility model
The shared responsibility model simplifies security policies and requirements into a single summary.
It tells you what you are responsible for, and what assurances D2S provides.
During onboarding, your team must confirm the name of:
- the application owner who has overall responsibility
- the security lead who is accountable for security documentation
Your responsibilities
You are responsible for what’s in the application. This includes:
- application design, code and build
- DevOps pipeline setup and code management
- application deployment and production management
- application support, backup and sustainability
- application assurances and testing
- security logging and monitoring
- vulnerability management
D2S responsibilities
D2S is responsible for platform evolution, management and security, including:
- source code management tooling
- the CI/CD pipeline
- DevOps tooling and pattern blueprints
- image repository provision/synchronisation
- platform support, scaling and resiliency
- application security assurance packs
- platform security monitoring and logging
- software development life cycle tools such as production attestation
MODCloud responsibilities
MODCloud is responsible for hardware and infrastructure, including:
- compute
- storage
- networking
- infrastructure security and monitoring