Shared security
responsibility model

This shared responsibility model helps define ownership and control over assets, processes, and functions between Creatio and Customers. The goal of the model is to assist in understanding roles and responsibilities in securing implementation of your Creatio environment.

Creatio Cloud

 
Customer
Creatio
Creatio Cloud Infrastructure Providers
Additional Statements or Clarifications

DATA PROTECTION ROLES

Controller
Processor
Sub-processor

INFORMATION AND DATA

Initial Data Import
Learn more
Data Integrity
Learn more
Data Quality
Learn more
Back-up and Restoration
Data Encryption at Rest
Data Encryption in Transit

APPLICATION IDENTITY AND ACCESS MANAGEMENT

User Management (creation, deletion, etc)
Learn more
Access Management
Learn more
Password Management Policy
Authentication Management (SSO, third-party identity solutions)
Learn more

APPLICATION LOGIC AND CODE

Application Configuration and Customization
Learn more
Integrations and API
Learn more
Application Lifecycle Management (Updates and Upgrades)

MONITORING

Application Security Monitoring ( Authentication, Unauthorized access, Data integrity issues, etc.)
Learn more
Application Performance and Availability
Infrastructure Performance and Availability
Infrastructure Security Monitoring (Authentication, Unauthorized access issues, etc.)

APPLICATION INFRASTRUCTURE MANAGEMENT

Identity and Access Management to application infrastructure
Infrastructure lifecycle management (Updates and Security Patches)
Infrastructure Security Configuration (OS and components security hardening)
Endpoint Protection
Virtual machine / server instance management

APPLICATION INFRASTRUCTURE NETWORK

Perimeter Network Firewall
Network Segmentation/Access Control
Intrusion Protection Service
DDoS Protection

PHYSICAL INFRASTRUCTURE

Virtualization platform / Hardware resources
Hardware Server Management and Security
Physical Network Management and Security
Physical Datacenter Environment
Datacenter Physical Security