Shared responsibility model

Review Codat's shared responsibility model with Microsoft Azure

Operations at Codat are performed entirely on cloud hosted platforms. As such, responsibilities vary across layers of the stack. You can see Microsoft's approach to dividing responsibility in the cloud below.

Responsibilities by party

The following tables articulate the responsible parties at each layer of our platform as a service offering and the details of their implementation.

Codat's scope

Responsibility	How is it done?
Information and data	• Codat Control Framework • Data Retention Policy • Encryption Policy • Access Control Policy • Security & Data Protection • Information Security Policy🔗 • Acceptable Use Policy🔗 • Data Security
Devices (mobile and PCs)	• People Operations Security Policy • Security Operations & Network Security Policy (workplace tech) • Security & Data Protection • Acceptable Use Policy🔗
Accounts and identities	• Password Policy • Access Control Policy • Information Security Policy🔗 • People Operations Security Policy • Security & Data Protection • Acceptable Use Policy🔗
Identity and directory infrastructure	• Access Control Policy • Information Security Policy🔗
Applications	• Codat Control Framework • Change Management Policy🔗 • Secure SDLC Policy🔗
Network controls	• Security Operations & Network Security Policy • Codat Control Framework • Information Security Policy🔗 • Network Security

Azure's scope

Comprehensive details on the security and data protection features within Microsoft Azure can be found on the Microsoft Trust Center🔗 and as part of Microsoft's Shared responsibility in the cloud🔗 documentation.

Responsibility	How is it done?
Operating System	• Firmware security🔗 • Security in Azure App Services🔗 • Securing PaaS deployments🔗
Physical hosts	• Azure information system components and boundaries🔗
Physical network	• Azure information system components and boundaries🔗
Physical data centre	• Datacenter security overview🔗