Service Definition and Operating Model
Coding-Autopilot-System CI edited this page May 27, 2026 · 1 revision
Deliver a stable, auditable Cloud Security Service that enables secure, compliant, and resilient cloud workloads across Azure and hybrid environments.
- Measurable policy compliance and configuration hygiene
- Reduced risk exposure through timely detection and remediation
- Audit-ready evidence with defined ownership and retention
We do
- Define and manage security policy-as-code
- Operate detection and alerting with a tuning cadence
- Coordinate incident response and post-incident learning
- Provide audit evidence and risk reporting
We do not
- Own application runtime operations
- Create business application code
- Approve business risk on behalf of risk owners
- Application teams, platform engineering, security operations, risk and compliance
- Cloud Platform Engineering: landing zone standards, network patterns, identity baseline
- SOC / SecOps: alert triage, incident response workflows, detection tuning
- Enterprise Risk and Compliance: risk register, audit evidence, policy exceptions
- App teams: policy exceptions, onboarding, remediation tasks
- ITSM: change control, service requests, incident records
| Activity | Responsible | Accountable |
|---|---|---|
| Policy-as-code development | Cloud Security Service | Service Manager |
| Policy exception approval | Risk Owner | CISO Delegate |
| Incident response coordination | SecOps | Incident Commander |
| Logging/SIEM onboarding | Cloud Security Service | Service Manager |
| Audit evidence collection | Cloud Security Service | Service Manager |
- Service requests: onboarding, logging, access reviews, baseline validations
- Exceptions: policy exceptions, risk acceptance, compensating controls
- Changes: standard, normal, emergency change paths
- Incidents: triage, containment, eradication, recovery, lessons learned
- Strategic: governance, risk posture, audit readiness - quarterly cadence
- Tactical: policy management, detection tuning, exception handling - weekly cadence
- Operational: alert response, incident handling, access reviews - continuous