Printed from CheckTick DSPT Compliance Documentation
Cloud Shared Responsibility Matrix
CheckTick uses this matrix to ensure clarity of accountability for our outsourced services (primarily Northflank/PaaS).
| Security Layer | Responsible Party | Description |
|---|---|---|
| Physical Security | Northflank / GCP | Security of data centers, power, and hardware. |
| Host Infrastructure | Northflank | Security of the OS/Hypervisor running the containers. |
| Network Boundary | Joint | Northflank provides the firewall; CheckTick configures the rules. |
| Application Code | CheckTick | Security of the Django/Python code and dependencies. |
| Identity & Access | CheckTick | Management of staff accounts and MFA enforcement. |
| Data Encryption | CheckTick | Configuring SSL/TLS and database encryption-at-rest. |
| Backups & Recovery | Joint | Northflank provides the tool; CheckTick defines the schedule. |
Verification
This matrix is reviewed annually alongside our Supplier Register to ensure no changes in service level agreements (SLAs) have altered these responsibilities.