> ## Documentation Index
> Fetch the complete documentation index at: https://tero-0926be64-video-walkthrough.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Shared Responsibility

> Control ownership between Tero and customers in hosted and self-hosted deployments.

export const securityEmail = "security@usetero.com";

<Badge>Last reviewed: March 5, 2026</Badge>
<Badge>Owner: Security + Engineering</Badge>
<Badge>Review cadence: Quarterly</Badge>
<Badge color="green">Status: Implemented</Badge>

This page defines who owns each control in each deployment model.

## Reviewer focus

* Which controls are Tero-owned vs customer-owned
* How baseline integration traffic flows between customer systems and Tero
* Where customers commonly add stricter controls

## Implementation status (March 5, 2026)

Tero supports two deployment models:

* Tero-hosted control plane
* Self-hosted control plane in customer-managed infrastructure

Control ownership changes by model at the infrastructure and network layers.

## Scope and integration boundary

* Baseline integration model is customer-initiated outbound API traffic over HTTPS.
* Baseline operation does not require vendor-initiated inbound connectivity into customer environments.
* Identity policy inside the customer IdP remains customer-owned in both models.

## Ownership model diagram

```mermaid theme={null}
flowchart LR
    subgraph Hosted[Tero-hosted]
      H_INFRA[Infrastructure + Network: Tero]
      H_APP[Application Controls: Tero]
      H_IDP[IdP Policy: Customer]
      H_DATA[Retention + Deletion Ops: Tero]
    end

    subgraph SelfHosted[Self-hosted]
      S_INFRA[Infrastructure + Network: Customer]
      S_APP[Application Controls: Tero Software + Customer Runtime]
      S_IDP[IdP Policy: Customer]
      S_DATA[Retention + Deletion Ops: Customer Runtime]
    end
```

## Responsibility matrix

| Control area                               | Tero-hosted           | Self-hosted                                             |
| ------------------------------------------ | --------------------- | ------------------------------------------------------- |
| Infrastructure security and patching       | Tero                  | Customer                                                |
| Network perimeter and private connectivity | Tero-managed baseline | Customer                                                |
| Identity provider policy (IdP side)        | Customer              | Customer                                                |
| Application authn and authz implementation | Tero                  | Tero software with customer runtime controls            |
| Secrets and key administration             | Tero-managed services | Customer-managed services                               |
| Data retention and deletion operations     | Tero                  | Customer-operated runtime with product-defined behavior |
| Incident response for platform operations  | Tero                  | Customer for environment ops, Tero for product support  |
| Subprocessor management                    | Tero                  | Customer (for customer-chosen stack)                    |

## Where customers tighten controls

* Self-hosted deployment for full environment ownership
* Customer IdP policy enforcement for authentication lifecycle controls
* Destination allowlisting and private routing in customer networks
* Customer-selected AI provider path where required

## Go-live checklist (recommended)

1. Confirm identity and role mapping model.
2. Confirm network allowlisting and routing requirements.
3. Confirm data handling and retention expectations.
4. Confirm incident communication paths and named contacts.

## Evidence you can request

| Topic                                 | Primary evidence                                                                                                                       |
| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| Ownership split by deployment model   | Current page                                                                                                                           |
| Architecture and trust boundary       | [Security Architecture](/trust/architecture)                                                                                           |
| Data handling scope and storage model | [Overview](/trust/overview), [Data Handling](/trust/controls/data-handling)                                                            |
| Encryption and key management         | [Encryption and Key Management](/trust/controls/encryption-key-management), [Encryption Standard](/trust/policies/encryption-standard) |

## Exceptions and governance

If a control allocation does not match customer policy requirements, Tero and the customer document the gap, agree on compensating controls, and define a time-bound resolution plan before production use.

Evidence requests: [{securityEmail}](mailto:\{securityEmail})
