Policy Overview
Application and Personnel Policies
The following policies describe how Sentinel can help address requirements relating to security and data privacy. This content is not legal advice, and Sentinel customers are responsible for seeking their own legal counsel to ensure that government and organizational requirements have been met.
SOC 2 Responsibility Matrix
Sentinel operates under a shared responsibility model in which it provides application-level security controls within the Sentinel software only. Sentinel does not have access to or visibility into client networks, operating systems, databases, or on-premise or hosted servers. Clients retain full responsibility for securing their infrastructure, including network security, server hardening, operating system patching, database security, access controls, backups, and monitoring. This delineation ensures clear accountability and aligns with SOC 2 Trust Services Criteria.
| Area | Sentinel Responsibility | Client Responsibility |
| --- | --- | --- |
| Network Security | ❌ No access or visibility | ✅ Full responsibility |
| On-Prem / Hosted Servers | ❌ No access or management | ✅ Full responsibility |
| Operating Systems | ❌ No access or control | ✅ Full responsibility |
| Database Server Security | ❌ No administrative access | ✅ Hardening, patching, access controls |
| Application Server Security | ❌ No OS-level access | ✅ Configuration, patching, monitoring |
| Data Encryption (In Transit / App Layer) | ✅ Supports open standards (e.g., TLS) | ✅ Enforces at network/OS/db layers |
| Identity & Access Management | ✅ Application-level controls | ✅ Infrastructure & privileged access |
| Backups & Disaster Recovery | ❌ Not managed | ✅ Full responsibility |
| Logging & Monitoring | ✅ Application events | ✅ System, network, and DB logs |