Infrastructure Security
Kraken Coding maintains and secures the physical and virtual
infrastructure hosting the application, including firewalls, intrusion detection/prevention systems, and
regular security patching.
Platform Security
Kraken Coding secures the operating systems, databases, and middleware
components, implementing platform-level access controls and regularly updating all platform components.
Application Security
Kraken Coding implements secure coding practices, conducts regular code
reviews and security testing, and maintains application-level access controls and authentication
mechanisms.
Data Encryption
Kraken Coding implements and maintains encryption for data in transit
and at rest, securely manages encryption keys, and ensures proper encryption of backups and data exports.
Access Control Management
Kraken Coding provides the access control management system, while
customers are responsible for assigning and managing system administrators within their organization and
setting appropriate user access levels.
User Authentication
Kraken Coding implements and maintains the authentication system, while
customers are responsible for ensuring that only authorized employees have active accounts and enforcing
strong authentication practices.
Data Backup and Recovery
Kraken Coding implements and maintains a comprehensive backup strategy,
performs regular backups, and conducts disaster recovery drills to ensure data integrity and availability.
Incident Response and Management
Kraken Coding maintains an incident response plan and a 24/7 incident
response service, while customers are responsible for promptly reporting any suspected security incidents
and cooperating during investigations.
Compliance with Data Protection Regulations
Kraken Coding ensures platform compliance with relevant regulations,
while customers are responsible for ensuring their use of the platform complies with applicable
regulations and obtaining necessary consents from data subjects.
Staff Training on Security Practices
Kraken Coding provides security awareness training for its staff and
offers guidance on security best practices, while customers are responsible for ensuring their staff
complete required training and understand security policies.
Clinical Content Development
Kraken Coding develops and maintains core clinical content, while
customers can develop custom clinical content as needed for their specific requirements, ensuring
adherence to relevant clinical standards.
Clinical Content Approval
Kraken Coding implements a rigorous approval process for core clinical
content, while customers are responsible for implementing internal approval processes for their custom
content and managing content subscriptions.
Regular Security Assessments
Kraken Coding conducts regular internal and third-party security
assessments, including penetration testing and vulnerability scans, to ensure the ongoing security of the
platform.
Vulnerability Management
Kraken Coding implements a comprehensive vulnerability management
program, regularly scanning all system components and prioritizing remediation based on severity and
potential impact.
Patch Management
Kraken Coding maintains a comprehensive patch management process,
regularly reviewing and applying security patches to all system components after appropriate testing.
Business Continuity Planning
Kraken Coding develops and maintains a comprehensive Business Continuity
Plan (BCP) for the platform, while customers are responsible for developing internal BCPs that integrate
with Kraken Coding's platform BCP.
Disaster Recovery
Kraken Coding develops, maintains, and regularly tests a comprehensive
Disaster Recovery (DR) plan, ensuring geographically dispersed backup locations and clear communication
during DR events.
Data Retention and Disposal
Kraken Coding implements data retention policies and secure disposal
methods, while customers are responsible for defining internal data retention policies and ensuring
compliance with relevant regulations.
Third-party Risk Management
Kraken Coding maintains a comprehensive third-party risk management
program, while customers are responsible for notifying Kraken Coding of any third-party integrations they
implement that interact with the platform.
Audit Logging and Monitoring
Kraken Coding implements comprehensive audit logging and real-time
monitoring across all system components, while customers are responsible for promptly reporting any
suspicious activities identified in audit logs.
Change Management
Kraken Coding maintains a comprehensive change management process, while
customers are responsible for implementing internal change management processes for customer-managed
aspects of the platform and reviewing change notifications.