QAD Defense Cloud

Security & Compliance Architecture

QAD Defense Cloud environments are deployed using a shared responsibility architecture designed to align with federal cloud security frameworks and Department of Defense cloud deployment models.

Strategic Information Group provides deployment, configuration, and managed operation of QAD ERP environments operating within AWS GovCloud (US) infrastructure.

This architecture separates responsibilities between the Cloud Service Provider (CSP), the External Service Provider (ESP), and the client organization that owns and governs the data.

Cloud Service Provider (CSP)

The underlying cloud infrastructure for QAD Defense Cloud is provided by AWS GovCloud (US).

AWS serves as the Cloud Service Provider (CSP) responsible for operating the cloud platform infrastructure, including:

  • physical datacenters

  • hardware and virtualization layers

  • cloud networking services

  • infrastructure storage services

  • infrastructure security controls

AWS GovCloud provides the cloud infrastructure platform where systems operate and where data storage, processing, and transmission occur.

External Service Provider (ESP)

Strategic Information Group operates as an External Service Provider (ESP) responsible for the deployment and managed operation of the QAD application environment within AWS GovCloud infrastructure.

Strategic’s responsibilities include:

  • QAD ERP deployment and configuration

  • system administration and environment management

  • patch management and maintenance

  • monitoring and operational support

  • application-level security configuration

Strategic does not operate the underlying cloud infrastructure.

Data Security Responsibility

Security responsibilities follow a shared responsibility model.

Controlled Unclassified Information (CUI), where applicable, resides within the AWS GovCloud infrastructure boundary, where it is stored, processed, and transmitted.

Regulatory Alignment

The QAD Defense Cloud architecture and responsibility model follow the AWS shared responsibility model and are designed to align with federal cloud security frameworks used in U.S. Department of Defense environments.

These frameworks include:

  • NIST SP 800-171

  • CMMC Level 2

  • DFARS 252.204-7012

In this architecture:

  • AWS GovCloud serves as the Cloud Service Provider (CSP) responsible for the cloud infrastructure platform.

  • Strategic Information Group operates as an External Service Provider (ESP) responsible for deploying and managing the QAD application environment within that infrastructure.

Strategic Information Group does not operate a cloud service platform and therefore is not acting as the Cloud Service Provider under DFARS 252.204-7012(d).

Cloud Deployment Model

In this model:

  • The client organization owns and governs the data

  • Strategic manages the application environment

  • AWS provides the cloud infrastructure platform