---
title: "Cloud Provider Services RACI Matrix"
slug: "cloud-provider-services-raci-matrix"
updated: 2026-03-25T12:37:07Z
published: 2026-03-25T12:37:07Z
canonical: "docs.knovvu.com/cloud-provider-services-raci-matrix"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.knovvu.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloud Provider Services RACI Matrix

| Document Number | Revision Number | Revision Date |
| --- | --- | --- |
| IT.FR.23.EN | Rev1 | 25.03.2026 |


#### 1. Infrastructure

RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED= C, INFORMED= I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
| --- | --- | --- | --- | --- |
| Data Center Physical Security | Layer 1 | Facility security, guards, CCTV, access control | R/A | I |
Hardware Infrastructure|Layer 1 |Server hardware procurement & maintenance  | R/A | I |
Power & Cooling|Layer 1 | Redundant power and cooling systems | R/A | I |
Network Cabling & Backbone|Layer 1-2 | Physical network infrastructure | R/A | I |
Virtual Network Infrastructure|Layer 2-3 | VPC infrastructure availability | R/A | I |
Subnet Configuration|Layer 3 | Subnet design and segmentation | C | R/A |
Routing Tables|Layer 3 |Route configuration and management  | C | R/A |
Internet Gateway|Layer 3 | Gateway availability | R | A |
Security Groups / NACL|Layer 3-4 | Traffic filtering rule definition | C | R/A |
DDoS Base Protection|Layer 3-4 | Provider-level DDoS mitigation | R/A | I |
Hypervisor Security|Layer 2-3 | Hypervisor patching & hardening | R/A | I |
Storage Infrastructure|Layer 1-7 | Storage durability & availability | R/A | I |
Cloud Infrastructure Monitoring|Layer 1-7 | Infrastructure monitoring | R/A |I |
Incident Response – Infra|Layer 1-4 | Infra-level incident handling | R/A | C |
Cloud Compliance Certifications|All | ISO/SOC certifications of cloud| R/A | I |
Business Continuity (Cloud)|Layer 1-7 | Cloud region resilience | R/A | I |

#### 2. Kubernetes
RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED= C, INFORMED= I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
| --- | --- | --- | --- | --- |
|Kubernetes Control Plane|Layer 7|Managed K8s service availability|R|A|
|Kubernetes RBAC|Layer 7|	Role & permission management|	I|R/A|
|Network Policies|Layer   3-7| Pod-to-pod traffic control|I|R/A|
|Container Image Security|Layer 7|Image hardening & validation|I|	R/A|
|Secrets Management|	Layer 7|	K8s secrets configuration|I|R/A|
 
#### 3. Application
RESPONSIBLE = R, ACCOUNTABLE = A, CONSULTED= C, INFORMED= I

| Domain / Component | OSI Layer | Activity | CLOUD PROVIDER | SESTEK |
| --- | --- | --- | --- | --- |
|VM Operating System|	Layer 7|	OS installation & configuration|	I|	R/A|
|OS Patching|	Layer 7|	Guest OS security updates|	I|	R/A|
|Host-based Firewall|	Layer 4-7|	OS firewall configuration|	I|	R/A|
|Application Security|	Layer 7|	Secure SDLC & code security|	I |	R/A|
|Authentication & Authorization|	Layer 7|	App-level IAM controls|	I|	R/A|
|Logging & Monitoring Config|	Layer 7|	Application log configuration|	I|	R/A|
|API Security|	Layer 7|	Rate limiting & validation|	I|	R/A|
|Data Encryption at Rest|	Layer 7|	Storage-level encryption capability|	R|	A|
|Encryption Key Management|	Layer 7|	Key lifecycle management|	C|	R/A|
|Data Backup Configuration|	Layer 7|	Backup policy definition|	C|	R/A|
|Application Monitoring|	Layer 7|	App-level health monitoring|	I|	R/A|
|Incident Response – App|	Layer 7|	Application incident handling|	C|	R/A|
|Customer Data Protection|	Layer 7|	Personal data protection compliance|	I|	R/A|
|Access Management (Cloud Console)|	Layer 7|	Cloud IAM configuration|	C	|R/A|
|Business Continuity (Application)|	Layer 7|	App-level DR planning|	C|	R/A|


©2026 SESTEK. All rights reserved.