Your thoughts wanted on Cloud Better Practice Guides
- 14
- Nov
We have been working with several lead agencies to develop Better Practice Guides on areas such as Security, Records Management, Privacy, Legal and Financial issues relating to cloud computing.
Below are links to the draft Better Practice Guides on the Privacy, Legal and Financial considerations agencies may face in cloud computing:
Privacy and Cloud Computing for Australian Government Agencies (draft)
- Privacy and Cloud Computing for Australian Government Agencies PDF 255KB
- Privacy and Cloud Computing for Australian Government Agencies DOC 453KB
Negotiating the Cloud – Legal Issues in Cloud Computing Agreements (draft)
- Negotiating the Cloud – Legal Issues in Cloud Computing Agreements PDF 395KB
- Negotiating the Cloud – Legal Issues in Cloud Computing Agreements DOC 489KB
Financial Considerations for Government use of Cloud Computing (draft)
- Financial Considerations for Government use of Cloud Computing PDF 236KB
- Financial Considerations for Government use of Cloud Computing DOC 133KB
I would be interested in your views on these drafts before we finalise them for release. Please make your comments via this blog or alternatively by email to aga@finance.gov.au before COB Friday 9 December 2011.
The above guides form part of the Cloud Framework that is a Stream One deliverable of the Australian Government Cloud Computing Strategic Direction Paper. We released the strategy paper, in April this year (2011), which positioned government agencies to choose cloud based services if they demonstrate value for money and are adequately secure.
The strategy paper indicated a three stream approach to the implementation of the Australian Government Cloud Computing Policy and outlined several deliverables (on page 23) including the development of Better Practice Guides for use by federal government agencies.
Thanks
Scott Wallace
loading...
I notice with concern that you require both my name and my email address. Interesting.
I am looking for your Better Practice Guide on records management? Am I missing it or is it not yet published?
loading...
Hi Mary,
The Records Management and the Cloud guide is available on the National Archives of Australia website.
Under the AGIMO Blog Moderation policy and process, you are asked to include a user name and an email address when you submit a comment. We do this as a means of reducing spam received from spambots. You don’t have to include your actual details; you may post under a pseudonym but make sure the email address follows a normal email address format, with a ‘@’ and a ‘.com’ or something similar.
Please be assured that, as detailed on our Privacy policy, we only use your personal information for the purposes for which you gave it to us. Your personal information will not be added to a mailing list or used or disclosed for any other purpose without your consent.
Scott
loading...
[...] Privacy and Cloud Computing for Australian Government Agencies (draft) (PDF 255kb) [...]
Hi Mary,
The National Archives of Australia developed the better practice guide on records management in the cloud. The guide can be found on the website here: http://www.naa.gov.au/records-management/agency/secure-and-store/naa-storage/rm-cloud/index.aspx
best regards
Ross
loading...
I would like to see more information about what are the business continuity implications from cloud computing.
loading...
Hi Linda,
Thanks for your comments. The three better practice guides that have been released here for comment are part of a set of guides that are being created to support agency use of cloud computing. Business Continuity will be discussed in the Business Management Better Practice Guide that will be released in the coming months.
Scott
loading...
Do you have any documentation on Recordkeeping considerations as yet? CAARA did some stuff on this as a draft, and I have been involved with some investigaitons and proof of concept work in the Commonwealth. RK ties in with security and privacy, and significant concerns include retention, disposal, custodianship, ownership, location and transfer of data. Additionally there are reqiurements for audit logs and recordkeeping obligations to be included in contracts relating to materials stored, control records and the management and ownership of any records created under the contract. Any Australian Government Cloud solution will need to address these things.
loading...
Hi Stuart,
The Records Management and the Cloud guide is available on the National Archives of Australia website at: http://www.naa.gov.au/records-management/agency/secure-and-store/naa-storage/rm-cloud/index.aspx
Scott
loading...
[...] three guides, available here, cover the legal, financial and privacy aspects of government use of the [...]
[...] 3 guides, accessible here, cover a legal, financial and remoteness aspects of supervision use of a [...]
There are so few suitable government applications for cloud computing, perhaps the guides should concentrate on those.
Cloud technology could be applied within computer systems under government control, but generally government data (and the data the government holds about its citizens) is not suitable for placing on a distributed, shared, global computer system.
loading...
Hi,
While I understand that every procurement may be different, and every project may have different hosting needs I feel it could be beneficial to include some boiler plate dot points for people to include in ATM (RFQ and RFT version) documentation.
The guides could also link off the relevant legislation (FMA, Privacy etc) where key points are discussed to help better assess what is relevant to them.
Otherwise they guidelines are simple and straight to the point. I have found them useful for identifying all the issues which I need to consider when sourcing a hosting solution.
Thanks.
loading...
We’ve just made our submission . In summary we agree with a number of the privacy risks associated with storing data outside of Australia as highlighted in the checklist. If anything, the risk is higher than stated in the document.
We believe that if the checklist were amended to require agencies to use data centres that are owned and operated by Australian companies and exclusively located in Australia, it would be a more complete answer to the risks flagged in the checklist.
loading...
Hi everyone,
Thank you for your comments on this blog and to those who have provided comment privately. The period for comment on the Privacy, Legal and Financial Better Practice Guides has now closed.
Should you still wish to comment, please do so here as we will continue to monitor comments to inform our future activities.
Scott
loading...
“Cloud Computing Roadmap: Legal Analytics Perspective and Analysis in Malaysia and Singapore ”
Jeong Chun phuoc, 16 Dec 2011
Both Internal Cloud Computing(ICC) and External Cloud Computing(ECC) options are being considered and implemented in Malaysia and Singapore for security reasons.
The U.S. Commerce Department’s National Institute of Standards and Technology(NIST) Cloud Computing Roadmap is being studied at both the Malaysian and Singaporean platforms for modification at national levels : Singapore Cloud Computing Roadmap and Malaysia Cloud Computing Roadmap.
Both Malaysia and Singapore’s Cloud Computing Roadmap manifests different and unique national IT defence security requirements and considerations.
Not all the strategic thrusts and terms as drafted in the NIST are conducive for national implementation in Malaysia and Singapore.
On a related discussion, the Open Cloud Computing system is being studied and redefined to see whether in the event of a cyber catastrophe, both the ICC and ECC or any other form of Cloud Computing ...
... technology and system could cope with the meltdown. The results are inconclusive from a Legal Analytics Perspective: I. Financial, II. Legal and III. Privacy considerations.
…………………………..
Jeong Chun Phuoc
Strategic Advocate in Data Protection and Policy Re-engineering (DPPr)
He can be reached at Jeongphu@yahoo.com
loading...
[...] November 2011, we released draft versions of the guides for public comment. Below, we now provide the links to the finalised versions of these guides. The guides have [...]
As pointed out in Privacy and Cloud Computing, security is a key concern with cloud computing applications. Really, though, cloud computing just accelerates already developing technologies. Renewed emphasis on security is a much needed requirement in the online world, with many people not being aware of their security vulnerabilities when working online. Eg. I’ve worked with several people recently who said they use the same password on every site. This is a recipe for serious information, privacy and financial vulnerability.
Online security literacy is a much needed skill Australians need to master: cloud computing just explodes the number of online apps we are exposed to.
loading...