Shared Responsibility Model

The first factor in looking at the shared responsibilities, is the Nextworld services the customer is using. Nextworld offers software as a service (SaaS) in the form of our ERP solutions, and Nextbot’s no code platform as a service (PaaS). The diagram to the right illustrates who is responsible for what based on the control area and the services used by you, the customer. In general, you are responsible for the information entered or created in your Nextworld environment and who accesses the environment and how. Nextworld is responsible for protecting the information within the cloud infrastructure.

Screenshot 2022 03 09 at 11 13 48
Customer Responsibilities

Controls that are the sole responsibility of the customer.

  • Data flow definition and classification – Data inventory, classification, labeling and retention.
  • User access – Account management, role & permission assignment, and multi-factor authentication.
  • Device protection – Antivirus protection, acceptable use policies, mobile device management, remote work policies.
Shared Responsibilities

Controls that Nextworld and the customer have responsibility for depending on the context of the control.

  • Application controls – Nextworld is responsible for the securing the code base, processing integrity within the applications, and change management on the base product. The customer is responsible for configurations made in the ERP solution and processing integrity and change management they develop in Nextbot.
  • Security awareness and training – Nextworld trains Nextworld staff, while customers are responsible for the training of their staff.


Nextworld Responsibilities

Controls that are the responsibility of Nextworld.

  • Infrastructure – Operating systems, runtime services, and database management
  • Network controls – Encryption, load balancing, auto-scaling, geo-location restrictions.
  • Data backup and recovery – Database backups, storage and recovery procedures.
  • Physical security – Access and environmental protections of the data centers and hardware. Nextworld leverages world class infrastructure service providers that provide the physical and environmental protections.