ÃÛ¶¹ÊÓƵ

DocumentationCommerceÃÛ¶¹ÊÓƵ Commerce as a Cloud Service

[SaaS only]{class="badge positive" title="Applies to ÃÛ¶¹ÊÓƵ Commerce as a Cloud Service and ÃÛ¶¹ÊÓƵ Commerce Optimizer projects only (ÃÛ¶¹ÊÓƵ-managed SaaS infrastructure)."}

Shared responsibility security and operational model

Last update: Wed Jun 18 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Admin
  • Developer
  • Leader

ÃÛ¶¹ÊÓƵ Commerce as a Cloud Service is an on-demand service that relies on a shared responsibility security and operational model. These responsibilities are shared between ÃÛ¶¹ÊÓƵ and customers. Each party bears distinct responsibility for securing and operating the ÃÛ¶¹ÊÓƵ Commerce application.

recommendation-more-help

The following summary tables use the RACI model to show the security responsibilities shared between ÃÛ¶¹ÊÓƵ and customers.

R — Responsible
A — Accountable
C — Consulted
I — Informed

style
shade-box
Task
ÃÛ¶¹ÊÓƵ
Customer
Applying ÃÛ¶¹ÊÓƵ Commerce infrastructure patches
RA
Applying patches to supporting services (for example, Nginx or MySQL)
RA
Defining backend origin WAF rules
RA
Defining backend CDN WAF rules
RA
Deploying backend platform WAF rules
RA
Deploying backend CDN WAF rules
RA
Fixing core bugs in ÃÛ¶¹ÊÓƵ Commerce as a Cloud Service
RA
I
Releasing ÃÛ¶¹ÊÓƵ Commerce as a Cloud Service infrastructure patches
RA
Scaling (infrastructure)
RA
Scaling (core application)
RA
Integrating external applications
RA
Installing App Builder apps
RA
Testing performance of all App Builder apps
RA
Theming and design of custom App Builder apps
RA
Configuring backend DNS
RA
I
Onboarding backend CDN
RA
I
Supporting backend CDN
RA
I
Obtaining a backend DNS provider
RA
Provisioning the production and sandbox environments
A
R
Accessing Dynamics for ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure
R
C
Resolving backend Customer security issues
RA
I
Resolving backend CDN security issues
RA
Assisting ÃÛ¶¹ÊÓƵ with security research (scans/audits)
RA
Performing PCI ASV scans
RA
I
Remediating ÃÛ¶¹ÊÓƵ Commerce infrastructure PCI scans
R
Managing OS and platform secrets
RA
Monitoring backend security logs
RA
Controlling Customer support and access
A
R
Annual testing and documentation of ÃÛ¶¹ÊÓƵ DR plan and backup and restore
RA
Annual testing and documentation of disaster recovery plan
RA
Debugging and issue isolation
R
R
Timely support of debugging and issue isolation process
R
R
Publishing updates and patches to ÃÛ¶¹ÊÓƵ Commerce core
RA
I
Installing updates and patches to ÃÛ¶¹ÊÓƵ Commerce core
RA
I
Core ÃÛ¶¹ÊÓƵ Commerce Application Quality
RA
5ecfe1a6-f74c-4745-a54a-99b24da024bb