...
AWS is responsible for “security of the infrastructure” — AWS is an Infrastructure-as-a-Service provider, and is responsible for protecting the infrastructure and all its services in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Datalink is responsible for “security of the platform” — Datalink is a Platform-as-a-Service provider, and as such it develops its software and configures its AWS infrastructure and services to host its software. Datalink is responsible for the security of its software, the configuration of the infrastructure that runs the software, and the provision of related services such as its service desk operation. Datalink acts as a processor of the customer information it holds. It has various assurance programs including ISO 27001, penetration tests and monitoring to maintain its security.
The Customer is responsible for “security in the platform” — each customer is allocated its own instance of the platform where it can independently configure parts of the system, store its data and authorise its users to access the data. The customer is responsible for its conduct within its own instance, as well as security decisions made by its users. For example, customers can control the creation of events, positions and competencies, as well as grant users authorisation, set policies for acceptable behaviour and so on. Users can access data based on authorisation decisions made by customer administrators. The customer is responsible for the conduct, training, monitoring and decisions of its users within the platform. The customer also owns its own data and is responsible for maintaining the privacy of PII within that data.