This document ensures there are clear roles around which team and person is responsible for system and critical network updates.

---

This document defines which departments, teams, and people are involved in the updates of systems, it does not define how those updates should take place. That is the responsibility of each team and department to define in correlation with the client agreement requirements.

---

VP of IT, Dir of IT, Senior IT Manager, vITMs, SOC, NOC, cloudIT Team, Client IT/Vendors, Project Team (Paid Project)

---

RACI: The RACI model is a tool used in project management to clarify roles and responsibilities for each task within a project. This model helps ensure clear communication and smooth workflows across all parts of a team by defining who is responsible for what, who needs to be consulted, and who needs to be kept informed. R: The person or people who do the work to complete the task. They are responsible for getting the work done or making the decision.

A: The person who is ultimately accountable for the task’s completion and the one who delegates the work to those responsible. There should only be one accountable person for each task.

C: The people who provide information and feedback needed to complete the task. They are typically subject matter experts.

I: The people who need to be kept informed about the progress and completion of the task. They are usually stakeholders or those affected by the outcome.

Zero Day Vulnerabilities: A security flaw in software or hardware that is unknown to the vendor at the time of disclosure and for which no patch or fix is immediately available. The term “zero-day” refers to the fact that the vendor has zero days to prepare a patch because the vulnerability has already been discovered or exploited by malicious actors. In this document it is assumed that a patch or remediation is present and for the RACI below it is the Security Team that is responsible for ensuring that zero day threats be managed as best as possible and to ensure patches and remediation steps are followed in a timely manner.

On-Premise Client Network Gear: Physical Client Network infrastructure, including Firewalls, Switches, Access points, Routers, VMware host servers, etc.

Cloud Network Gear: cloudIT network infrastructure operated by centrexIT and housed at the NFINIT datacenter.

Cloud Client Windows Servers: cloudIT virtual client servers sold to clients and hosted in the centrexIT cloud network infrastructure.

On-Premise Client Windows Servers: Physical or virtual windows OS servers located either on site at a client’s location or client’s datacenter or co-location outside of the centrexIT cloudIT services.

CentrexIT Business Network: The physical network at the centrexIT headquarters office in Poway, California. This includes the physical firewall, router, switches, and access points in Poway.

CentrexIT Cloud Production Network: cloudIT server infrastructure operated by centrexIT and housed at the NFINIT datacenter.

Non-Windows Client Servers: Physical or virtual non-windows servers located either on site at a client’s location or client’s datacenter or co-location outside of the centrexIT cloudIT services.

---

1. Use the following table to determine the correct responsible party for system updates:

Task	VP of IT	Dir of IT	Senior IT Manager	vITMs	SOC	NOC	cloudIT Team	Client IT/Vendors	Project Team (Paid Project)
Zero Day Vulnerabilities	A	C	C	C	R	C	C	I	C
On-Premise Client Network Gear	C	C	A	R	C	C	C	I	C
Cloud Network Gear	C	A	C	I	C	C	R	I	C
Cloud Client Windows Servers	C	C	C	A	C	R	C	I
On-Premise Client Windows Servers	C	C	C	A	C	R		I
CentrexIT Business Network	A	R	C	I		C	C	I	C
CentrexIT Cloud Production Network	C	A	C	I	C	C	R	I	C
Non-Windows Client Servers	C	C	C	A	C	C	C	R	C

---

1. Those responsible complete updates in a timely manner per their department SOPs. This sheet is only to be used as a refference for who should be doing each of those updates.