Shared responsibility using Templafy

This article provides an overview of the responsibilities between Templafy, the customer and Microsoft Azure. 

Microsoft Azure is used as Templafy's cloud service provider. Templafy is responsible for creating the SaaS on top of the PaaS offering provided from Microsoft. The customer is the user of the SaaS product from Templafy. 

Below the RACI matrix summarizing the distribution of responsibilities between these three actors. 

Customer information and data

Customer Information and Data is any data, digital assets, documents, objects and any other information that the Templafy customer uploads into the Templafy platform or provides in accordance with the provision of Templafy services.

Data ownership is ultimately in the hands of the customer; therefore, they are responsible for their own information and data. The customer provides Templafy with data according to the Templafy General Terms and Conditions Agreement (SaaS agreement). Customer admins determine which user profile data elements are processed by Templafy and modifiable by end-users. 

Templafy is accountable for example for adequately classifying and handling customer data and for retaining and disposing of it in a secure manner. 

Microsoft Azure is not involved in any way in this matter.

Identity and Access Management

To authenticate to the system interface, Templafy supports just-in-time user-provisioning and SSO on-boarding against ADFS, SAML2, WS federation, Google Authentication (OAuth 2.0), Microsoft Entra ID (including OpenID Connect).

Customers are responsible for:

• Providing accurate and complete information and documentation regarding their own authentication method for authentication setup.
• Protecting established user IDs, passwords, and other credentials within their organizations, including appropriate safeguards for devices running Templafy applications
• Maintaining their own signing certificate for SSO authentication methods and ensuring Templafy’s technical operation teams receive the updated certificate no later than three weeks before expiration
• Reviewing access to their Templafy tenant periodically to validate the appropriateness of access levels, including any third-party access they may have granted.
• Removing terminated or unwanted user accounts from the system either manually with the use of the deletion feature made available by Templafy or through SCIM in a timely manner.
• Ensuring the appropriateness of designated administrators and maintaining a low administrator count according to the principle of least privilege

Templafy has a formal, documented user account and access provisioning in place to assign and revoke access rights to systems and applications. Templafy is responsible for:

• Allocating access on a least privilege basis
• Managing access to customer data according to the least privilege principle and contractual requirements from customer
• Monitoring access

Microsoft Azure is not involved in any way in this matter

Application

Templafy is a business enablement Software-as-a-Service (SaaS) platform that provides document creation, collaboration, productivity and email signature tools (Templafy Services) for users of Microsoft Office and Google Suite, supporting every step of the document creation workflow.

Customers should be informed of any changes in the platform, along with any potential security events that might affect the application layer.

Templafy is responsible for the implementation, the maintenance, the security and the support of the application. This is done for example by:

• Continuously scanning and remediating vulnerabilities
• Collecting application logs
• Developing, testing and implementing application code changes

Microsoft Azure is not involved in any way in this matter.

Data storage

Templafy has a multi-tenant architecture that is designed with tenant isolation to segregate and restrict Customer Data access based on business needs. The architecture provides logical data separation for different customers via customer-specific unique identifiers (IDs) and allows the use of customer and user role-based access privileges.

The customer should be informed of any changes related to how and where data is stored, given that they are the owners of such data.

Templafy is responsible for databases since they need to ensure that data is dealt with in accordance with the terms agreed on with the Cloud Service Provider (Microsoft Azure) and the Cloud Service Customer. This is done for instance by:

• Configuring based on industry best practices
• Allowing access only through Managed Identities and Active Directory User Accounts
• Implementing encryption protocols for data at rest and in transit
• Managing activity logs

Microsoft Azure is the owner of the physical/virtual databases and is therefore responsible for the physical security of resources and implementing the configuration set by Templafy.

Operating system

Templafy uses secure OS configurations deployed via Kubernetes. Templafy leverages hardened Azure Public Compute Images for servers. Templafy continuously monitors all resources deployed in the Azure environment in conformity to Azure best practices, CIS, ISO27001 and SOC 2 compliance requirements and applies applicable recommendations after review by the security guild.

The customer is not involved in any way in this matter.

Templafy is accountable for ensuring that the software runs on the latest version of the operating system. 

Microsoft Azure is responsible for providing updates to the operating system.

Network and Firewall configuration

Templafy service network is protected adequately with Firewall, IDS and DDoS protection service. Templafy regularly assess the security posture of service network/infrastructure and introduce security enhancements/controls accordingly.

The customer needs to be informed of any changes affecting them in this layer. 

Templafy is responsible for configuring any custom settings to industry best practice. 

Microsoft Azure is responsible to configure the virtual network Templafy creates which is built on top of the physical Azure network fabric Azure manages. The Azure cloud security framework takes responsibility for the security configuration of its managed services that Templafy uses such as Azure Kubernetes Service (AKS), Container Instances, SQL, Data Lake Storage, Blob Storage, and others.

Product infrastructure

Templafy uses Azure Virtual Network (VNet) as part of our private network in Azure. VNet facilitates communication among many types of Azure resources like for example Azure Virtual Machines, the Internet, and on-premises networks. 

The customer should simply be informed of any changes on the product infrastructure that might impact the service. 

Templafy  is responsible to configure and monitor its own product infrastructure. 

Microsoft Azure is responsible for the virtual layer of the cloud. They should ensure that logical access to the underlying network and virtualization management software for the cloud architecture is appropriate. They should also implement logical access security over protected information assets, they register and authorize new internal and external users whose access is administered by the entity. Additionally, they are in charge of authorizing, modifying and removing access, based on roles and responsibilities. Finally, they should ensure that logical and physical access is discontinued only after the ability to read or recover data and software from those assets is revoked or is no longer required to meet the entity’s objectives.

Physical layer

The Templafy solution is hosted on Microsoft Azure infrastructure, which is part of Microsoft Data Centers. The data center controls are implemented, operated and maintained by Microsoft.

Customers and Templafy should be informed of any significant changes or issues that might occur on a physical layer level.

Microsoft Azure is responsible for the physical layer of the cloud. They should:

• Restrict physical access to the data center facility to authorized personnel
• Implement physical security perimeters to safeguard sensitive data and information systems
• Monitor the data center facility 24/7
• Securely decommission and physically destroy all production media prior to leaving the data center
• Perform external vulnerability assessments and investigate and resolve potential identified issues
• Develop, review and test business continuity and disaster recovery procedures