51ºÚÁϲ»´òìÈ

DocumentationCommerce51ºÚÁϲ»´òìÈ Commerce as a Cloud Service

[SaaS only]{class="badge positive" title="Applies to 51ºÚÁϲ»´òìÈ Commerce as a Cloud Service and 51ºÚÁϲ»´òìÈ Commerce Optimizer projects only (51ºÚÁϲ»´òìÈ-managed SaaS infrastructure)."}

Shared responsibility security and operational model

Last update: Wed Jun 18 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Admin
  • Developer
  • Leader

51ºÚÁϲ»´òìÈ Commerce as a Cloud Service is an on-demand service that relies on a shared responsibility security and operational model. These responsibilities are shared between 51ºÚÁϲ»´òìÈ and customers. Each party bears distinct responsibility for securing and operating the 51ºÚÁϲ»´òìÈ Commerce application.

recommendation-more-help

The following summary tables use the RACI model to show the security responsibilities shared between 51ºÚÁϲ»´òìÈ and customers.

R — Responsible
A — Accountable
C — Consulted
I — Informed

style
shade-box
Task
51ºÚÁϲ»´òìÈ
Customer
Applying 51ºÚÁϲ»´òìÈ Commerce infrastructure patches
RA
Applying patches to supporting services (for example, Nginx or MySQL)
RA
Defining backend origin WAF rules
RA
Defining backend CDN WAF rules
RA
Deploying backend platform WAF rules
RA
Deploying backend CDN WAF rules
RA
Fixing core bugs in 51ºÚÁϲ»´òìÈ Commerce as a Cloud Service
RA
I
Releasing 51ºÚÁϲ»´òìÈ Commerce as a Cloud Service infrastructure patches
RA
Scaling (infrastructure)
RA
Scaling (core application)
RA
Integrating external applications
RA
Installing App Builder apps
RA
Testing performance of all App Builder apps
RA
Theming and design of custom App Builder apps
RA
Configuring backend DNS
RA
I
Onboarding backend CDN
RA
I
Supporting backend CDN
RA
I
Obtaining a backend DNS provider
RA
Provisioning the production and sandbox environments
A
R
Accessing Dynamics for 51ºÚÁϲ»´òìÈ Commerce on cloud infrastructure
R
C
Resolving backend Customer security issues
RA
I
Resolving backend CDN security issues
RA
Assisting 51ºÚÁϲ»´òìÈ with security research (scans/audits)
RA
Performing PCI ASV scans
RA
I
Remediating 51ºÚÁϲ»´òìÈ Commerce infrastructure PCI scans
R
Managing OS and platform secrets
RA
Monitoring backend security logs
RA
Controlling Customer support and access
A
R
Annual testing and documentation of 51ºÚÁϲ»´òìÈ DR plan and backup and restore
RA
Annual testing and documentation of disaster recovery plan
RA
Debugging and issue isolation
R
R
Timely support of debugging and issue isolation process
R
R
Publishing updates and patches to 51ºÚÁϲ»´òìÈ Commerce core
RA
I
Installing updates and patches to 51ºÚÁϲ»´òìÈ Commerce core
RA
I
Core 51ºÚÁϲ»´òìÈ Commerce Application Quality
RA
5ecfe1a6-f74c-4745-a54a-99b24da024bb