Description | ISV Partner | Project Hosts |
Ensure that any ISV Partner personnel that will be accessing the environment to install, update or configure application software (tasks marked with an asterisk below) have training, authorization, and network access to be able to access the environment | R,A | C |
Review Source code (source code static + dynamic analysis) | R,A | I |
Package application for deployment and make available | R,A | I |
Develop installation / configuration instructions | R,A | C |
Develop system architecture documentation | C | R,A |
Document resource requirements (Servers, PaaS services, etc.) | R,A | C |
Develop and deliver training on the application | R,A | R,A |
Set up virtual machinesand Azure PaaS services | C | R,A |
Set up and maintain access control and firewall rules | C | R,A |
Set up, install, harden and maintain servers(OS and middleware) | C | R,A |
Set up, configure, harden and maintain database | C | R,A |
Install and configure application* | R,A | C |
Set up and configure SSO/SAML authentication | C | R,A |
Modify deployment to achieve the most secure configuration consistent with operational requirements | R | R,A |
Identify security vulnerabilities by monthly application scanning | C | R,A |
Apply updatesand fixes to servers/OS/database | C,I | R,A |
Develop fixes to application vulnerabilities | R,A | C,I |
Apply application fixes* | R,A | C,I |
Manage changes and maintain change ticket audit records | C | R,A |
Implement DR procedures when necessary | C,I | R,A |
Implement Incident Response when necessary | C,I | R,A |
Communicate Incident information to End Customers | R,A | C |
Create HITRUST Policies and Procedures | C,I | R,A |
Answer End Customer compliance questions and provide requested artifactual evidence | C,I | R,A |
Maintain HITRUST certification of the underlying PaaS | I | R,A |
Onboard new End Customers* | R,A | R |
Apply End Customer-specific configuration settings(e.g. account level options, branding, logos, templates, etc.)* | R,A | R,C |
Provision new ISV Partner users | A | R |
Provision new End Customer users | A | R |
Monitor server/PaaS resource usage | I | R,A |
Provide URLs for application monitoring | R,A | I |
Monitor application uptime | C,I | R,A |
Monitor resource usage | I | R,A |
Customer Support (Level 1)* | R,A | R,A |
Application support (Level 2 and 3)* | R,A | C,I |
System support (Level 2 and 3) | C,I | R,A |
RACI Matrix for ISV Deployments
Statement of whom is Responsible (R), Accountable (A), to be Consulted (C) or Informed (I)
for Software provided and managed by a Partner for use by an End Customer
for Software provided and managed by a Partner for use by an End Customer