This page explains the usual responsibility split between CFTS and the client. The exact boundary depends on the quoted service, managed service scope, and any written agreement. ## Default Position Unless a managed service is explicitly included in writing, CFTS services are provided as unmanaged infrastructure services. Under an unmanaged service: - CFTS operates the infrastructure platform. - the client operates the operating system, applications, users, credentials, and data inside the service. ## Responsibility Summary | Area | CFTS Normally Handles | Client Normally Handles | | --- | --- | --- | | Physical facility | Power, cooling, physical environment, facility controls | Client-owned equipment requirements where applicable | | Compute platform | Hosts, virtualisation, resource allocation, infrastructure health | Guest OS configuration and application workloads | | Storage platform | Managed storage systems, redundancy, storage availability | Application data model, file organisation, data validation | | Network platform | Internal datacentre networking, assigned network services | Application ports, firewall requirements, DNS requests, client connectivity | | Operating system | Only where OS management is contracted | Installation choices, updates, hardening, users, services | | Applications | Only where application support is contracted | Installation, configuration, licensing, testing, upgrades | | Backups | Backup orchestration where contracted | Backup requirements, application consistency, restore validation | | Security | Infrastructure controls, administrative access controls, monitoring | Application security, user permissions, passwords, exposed services | | Data protection | Processing on documented instructions where CFTS is processor | Controller decisions, lawful basis, data subject handling | | Licensing | Supplied licenses where quoted | License compliance for client software and usage | ## Unmanaged Services Unmanaged services provide infrastructure resources only. CFTS is normally responsible for: - physical infrastructure - virtualisation platform - internal storage platforms - internal datacentre networking - platform monitoring - infrastructure availability within the SLA boundary The client remains responsible for: - operating system administration - application deployment - application updates - security configuration - user management - access permissions - data validation - application-level backup requirements ## Managed Services Managed services extend CFTS responsibilities only for the systems and activities listed in the applicable agreement. Examples may include: - OS patching - monitoring and alerting - backup orchestration - security hardening - database platform support - operational assistance Managed services do not automatically include: - application development - custom software debugging - third-party vendor support - end-user helpdesk support - business process support ## Backup Responsibilities CFTS may provide backup infrastructure or backup management where contracted. Clients remain responsible for: - identifying critical data - confirming retention needs - testing application behaviour after restore - validating recovered data - maintaining independent copies of critical data where appropriate Infrastructure backups do not automatically guarantee application consistency unless the service is designed and contracted for that purpose. ## Security Responsibilities CFTS applies controls such as restricted administrative access, MFA, monitoring, encryption, network segmentation, and infrastructure hardening. Clients remain responsible for: - strong user passwords - client-side MFA where available - application patching - access reviews - secure application configuration - avoiding exposed admin interfaces - notifying CFTS of suspected compromise ## Related Documents - [Terms of Service](/10_Terms-of-Service/05_Terms-of-Service) - [Managed Services Addendum](/10_Terms-of-Service/15_Managed-Services-Addendum) - [Infrastructure SLA](/10_Terms-of-Service/20_Infrastructure-SLA) - [Backup and Restore Requests](/01_Client-Guidance/30_Backup-and-Restore-Requests) - [Security Overview](/01_Client-Guidance/45_Security-Overview)