# Policy Overview The following policies describes how Sentinel can help address requirements relating to security and data privacy. The contents is not legal advice and Sentinel customers are responsible for seeking their own legal counsel to ensure that government and organizational requirements have been met. ### SOC 2 Responsibility Matrix {% hint style="info" %} Sentinel operates under a shared responsibility model in which it provides application-level security controls within the Sentinel software only. Sentinel does not have access to or visibility into client networks, operating systems, databases, or on-premise or hosted servers. Clients retain full responsibility for securing their infrastructure, including network security, server hardening, operating system patching, database security, access controls, backups, and monitoring. This delineation ensures clear accountability and aligns with SOC 2 Trust Services Criteria. {% endhint %} | Area | Sentinel Responsibility | Client Responsibility | | ---------------------------------------- | ------------------------------------- | -------------------------------------- | | Network Security | ❌ No access or visibility | ✅ Full responsibility | | On-Prem / Hosted Servers | ❌ No access or management | ✅ Full responsibility | | Operating Systems | ❌ No access or control | ✅ Full responsibility | | Database Server Security | ❌ No administrative access | ✅ Hardening, patching, access controls | | Application Server Security | ❌ No OS-level access | ✅ Configuration, patching, monitoring | | Data Encryption (In Transit / App Layer) | ✅ Supports open standards (e.g., TLS) | ✅ Enforces at network/OS/db layers | | Identity & Access Management | ✅ Application-level controls | ✅ Infrastructure & privileged access | | Backups & Disaster Recovery | ❌ Not managed | ✅ Full responsibility | | Logging & Monitoring | ✅ Application events | ✅ System, network, and DB logs | {% content-ref url="/pages/LEjKJrSwfwQj8rCGbcu6" %} [Data Privacy](/sentinel-help-center/resources/policies/data-privacy.md) {% endcontent-ref %} {% content-ref url="/pages/VCv8tNuUFxatJg0UUxiT" %} [Cloud Security](/sentinel-help-center/resources/policies/cloud-security.md) {% endcontent-ref %} {% content-ref url="/pages/IuA1vNtMxovyVigUAOIA" %} [Disaster Recovery](/sentinel-help-center/resources/policies/disaster-recovery.md) {% endcontent-ref %} {% content-ref url="/pages/L651RdyroAPxL0w8JMUQ" %} [Service Level Agreement](/sentinel-help-center/resources/policies/service-level-agreement.md) {% endcontent-ref %} {% content-ref url="/pages/ScHHhlfkOQtV4CQat2PQ" %} [Employees](/sentinel-help-center/resources/policies/employees.md) {% endcontent-ref %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sentinelsoftware.com/sentinel-help-center/resources/policies/policy-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.