Shared Responsibility Model

1. Introduction

The security, availability and proper management of the hosting services provided by Mercanza are based on a model of shared responsibility between Mercanza and the customer.

The purpose of this document is to explain, clearly and transparently, the general division of responsibilities applicable to shared hosting services, virtual private servers (VPS) and dedicated servers, enabling customers to understand which aspects are managed by Mercanza and which are the customer’s responsibility.

This document is for information and guidance purposes only. In the event of any discrepancy, the terms set out in the contract, service level agreements (SLAs) and annexes signed between the parties shall always prevail.

2. Principles of the shared responsibility model

  • The security and proper use of the service require the active cooperation of both Mercanza and the customer
  • The division of responsibilities varies depending on the type of service contracted
  • Mercanza is responsible for the infrastructure and core services that support the hosting environment
  • The customer is responsible for the management, configuration and use of the resources they administer
  • The customer retains ownership and responsibility for their data and content at all times

3. Levels of responsibility

Responsibilities are organised in layers, which allows for a clear definition of each party’s areas of responsibility:

  • Physical facilities: data centres, access control, power and climate control
  • Infrastructure: hardware, network, storage and virtualisation
  • Base platform: services managed by Mercanza where indicated
  • Applications: software installed or managed by the customer
  • Data and content: information hosted or processed on the systems
  • Access and credentials: users, passwords and permissions
  • Compliance and use: lawful use in accordance with applicable regulations

4. Allocation of responsibilities by type of service

Shared hosting

Mercanza’s Liability

  • Physical data centre, physical network and physical hosts.
  • Operating system and shared hosting platform.
  • Network and security controls for the shared environment.

Shared responsibility (Supplier / Customer)

  • Identity and directory infrastructure, where applicable.
  • Applications provided as part of the service.

Customer Responsibility

  • Hosted information and data
  • Accounts, identities and login credentials
  • Use and configuration of available applications

Virtual private servers (VPS)

Mercanza’s Liability

  • Physical data centre, physical network and physical hosts
  • Virtualisation infrastructure and connectivity

Shared responsibility (Supplier / Customer)

  • Configurable network controls and security mechanisms
  • Identity and directory infrastructure, where applicable

Customer Responsibility

  • Server operating system
  • Applications, configurations and data
  • Account, identity and access management

Customer Responsibility

  • Operating system and software
  • Network controls and logical security configuration
  • Applications, data, identities and access

The following table provides a visual representation of the shared responsibility model:

Shared Responsability Model

5. Information security

Mercanza implements appropriate technical and organisational measures to protect the infrastructure and services it manages, in accordance with industry best practice.

The customer is responsible for implementing the necessary security measures for the systems, applications and data under their control, including ensuring that they are correctly configured, updated and that access is properly protected.

6. Data protection and regulatory compliance

With regard to the protection of personal data, the allocation of responsibilities complies with the applicable regulations, in particular the General Data Protection Regulation (GDPR).

The specific obligations of each party, including the roles of data controller and data processor where applicable, are set out in the contract and its relevant annexes.

7. Exclusions and clarifications

  • This document does not constitute a contract nor does it give rise to any additional obligations
  • It does not imply automatic certification of regulatory compliance
  • Mercanza accepts no liability for incidents arising from incorrect configurations, misuse or software managed by the customer
  • The scope of liability may vary depending on the services and options contracted
Cookies Configuration

At Mercanza we take your privacy seriously. Please learn all about our Privacy Policy.

You also have all the necessary information about our Cookie Policy.