| Document Number | Revision Number | Revision Date |
|---|---|---|
| IT.FR.23.EN | Rev1 | 25.03.2026 |

1. Infrastructure

RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED = C, INFORMED = I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
|---|---|---|---|---|
| Data Center Physical Security | Layer 1 | Facility security, guards, CCTV, access control | R/A | I |
| Hardware Infrastructure | Layer 1 | Server hardware procurement & maintenance | R/A | I |
| Power & Cooling | Layer 1 | Redundant power and cooling systems | R/A | I |
| Network Cabling & Backbone | Layer 1-2 | Physical network infrastructure | R/A | I |
| Virtual Network Infrastructure | Layer 2-3 | VPC infrastructure availability | R/A | I |
| Subnet Configuration | Layer 3 | Subnet design and segmentation | C | R/A |
| Routing Tables | Layer 3 | Route configuration and management | C | R/A |
| Internet Gateway | Layer 3 | Gateway availability | R | A |
| Security Groups / NACL | Layer 3-4 | Traffic filtering rule definition | C | R/A |
| DDoS Base Protection | Layer 3-4 | Provider-level DDoS mitigation | R/A | I |
| Hypervisor Security | Layer 2-3 | Hypervisor patching & hardening | R/A | I |
| Storage Infrastructure | Layer 1-7 | Storage durability & availability | R/A | I |
| Cloud Infrastructure Monitoring | Layer 1-7 | Infrastructure monitoring | R/A | I |
| Incident Response – Infra | Layer 1-4 | Infra-level incident handling | R/A | C |
| Cloud Compliance Certifications | All | ISO/SOC certifications of cloud | R/A | I |
| Business Continuity (Cloud) | Layer 1-7 | Cloud region resilience | R/A | I |

2. Kubernetes

RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED = C, INFORMED = I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
|---|---|---|---|---|
| Kubernetes Control Plane | Layer 7 | Managed K8s service availability | R | A |
| Kubernetes RBAC | Layer 7 | Role & permission management | I | R/A |
| Network Policies | Layer 3-7 | Pod-to-pod traffic control | I | R/A |
| Container Image Security | Layer 7 | Image hardening & validation | I | R/A |
| Secrets Management | Layer 7 | K8s secrets configuration | I | R/A |

3. Application

RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED = C, INFORMED = I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
|---|---|---|---|---|
| VM Operating System | Layer 7 | OS installation & configuration | I | R/A |
| OS Patching | Layer 7 | Guest OS security updates | I | R/A |
| Host-based Firewall | Layer 4-7 | OS firewall configuration | I | R/A |
| Application Security | Layer 7 | Secure SDLC & code security | I | R/A |
| Authentication & Authorization | Layer 7 | App-level IAM controls | I | R/A |
| Logging & Monitoring Config | Layer 7 | Application log configuration | I | R/A |
| API Security | Layer 7 | Rate limiting & validation | I | R/A |
| Data Encryption at Rest | Layer 7 | Storage-level encryption capability | R | A |
| Encryption Key Management | Layer 7 | Key lifecycle management | C | R/A |
| Data Backup Configuration | Layer 7 | Backup policy definition | C | R/A |
| Application Monitoring | Layer 7 | App-level health monitoring | I | R/A |
| Incident Response – App | Layer 7 | Application incident handling | C | R/A |
| Customer Data Protection | Layer 7 | Personal data protection compliance | I | R/A |
| Access Management (Cloud Console) | Layer 7 | Cloud IAM configuration | C | R/A |
| Business Continuity (Application) | Layer 7 | App-level DR planning | C | R/A |

©2026 SESTEK. All rights reserved.