Department of Internal Affairs Cloud computing considerations John Roberts Director, Relationship Management CRI Records Managers 11 June 2015.

Slides:

Advertisements

Similar presentations

IR Confidential & Proprietary Do Not Distribute Our Proposed IT Strategy (2006 – 2011) Developing Optimal IT Strategy Through Business Context, Applications,

Advertisements

HR Manager – HR Business Partners Role Description

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

Viewpoint Consulting – Committed to your success.

Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.

Chapter 12 Strategies for Managing the Technology Infrastructure.

THE JOINED UP WORLD OF E-RESEARCH Professor Neil McLean National Technical Standards Adviser to the Department of Education Science and Training (DEST)

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Enterprise Architecture

Open Cloud Sunil Kumar Balaganchi Thammaiah Internet and Web Systems 2, Spring 2012 Department of Computer Science University of Massachusetts Lowell.

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Facilities Management Category Management Plan Synopsis Version 1.1 (March 2015)

Proposed Whole of Government Direction for ICT Functional Leadership Workshop for monitoring departments 28 November 2013 John Roberts

1 Jon Whitfield Agency CEO Head of Government Internal Audit.

Effectively Explaining the Cloud to Your Colleagues.

Presentation to the Housing Technology Conference Tim Cowland- Senior Consultant 27 th February 2014 The Rise of the Housing Cloud.

Cloud Enabled Healthcare Presented by: Ron Parker and Stanley Ratajczak Emerging Technology Group Canada Health Infoway Inc. May 28, 2013Copyright © 2013.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

IBM Academic Initiative Skills for a Smarter Planet Cloud Computing John Schilt Lead, IBM Academic Initiative Australia / New Zealand

Technology for social justiceinfoxchange.org Delivering technology for social justice TDSA Conference August 2015 Building sector capability through the.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

1 expect the best Tuesday October 25, 2005 Service Management Organization Overview.

Cloud Computing Zach Ciccone Claudia Rodriguez Annia Aleman Xiaoying Tu Nov 14, 2013.

Partnership for Urban South Hampshire Sustainable Growth.

Recordkeeping for Good Governance Toolkit Digital Recordkeeping Guidance Funafuti, Tuvalu – June 2013.

The Challenge of IT-Business Alignment

The Coalition for Action on ICT enabled change in Europe.

EGovernment Ireland’s eGovernment Strategy Enda Holland, Department of Public Expenditure and Reform.

ICT Action Plan Refresh

SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.

Improving Integration of Learning and Management Systems Paul Shoesmith Director of Technical Strategy Becta.

Plan  Introduction  What is Cloud Computing?  Why is it called ‘’Cloud Computing’’?  Characteristics of Cloud Computing  Advantages of Cloud Computing.

Restructuring Mergers and CHANGE! Recordkeeping Advice Alice Patterson, Senior Advisor Government Recordkeeping Programme.

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

National Information Assurance Strategy: New challenges, new responses Owen Pengelly Microsoft Public Sector Conference 30 September 2009.

EPA Geospatial Segment United States Environmental Protection Agency Office of Environmental Information Enterprise Architecture Program Segment Architecture.

Catawba County Board of Commissioners Retreat June 11, 2007 It is a great time to be an innovator 2007 Technology Strategic Plan *

5/18/2006 Department of Technology Services Security Architecture.

Enabling the Digital Campus

Information Technology Assessment conducted by BerryDunn Consulting for the UA System March 9, 2015.

25 Years and Beyond: The Benefits of Managing over 25 Year Old Records John Roberts, Group Manager Archives Management Archives New Zealand.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI strategy and Grand Vision Ludek Matyska EGI Council Chair EGI InSPIRE.

Joint Information Systems Committee Supporting Higher and Further Education Continuing Access and Digital Preservation: the JISC Strategy Neil Beagrie.

3/14/2016 © Crown Copyright. All rights reserved. Risk Managed Cloud Computing HMG IA Approach Ian McCormack TD IA Policy and Risk CESG.

FROM PRINCIPLE TO PRACTICE: Implementing the Principles for Digital Development Perspectives and Recommendations from the Practitioner Community.

G-Cloud - The Delivery of a Shared Computing Platform for Government Ian Osborne Director, Digital Systems KTN Intellect.

CLOUD-BASED VIDS A CIO’S PERSPECTIVE Stephen Alford, CIO WEP, Inc.

Basic Concepts Key Learning Points : The objectives of this chapter are as follows:  To provide an introduction to the basic Concepts of enterprise architectures,

UNDERSTANDING INFORMATION MANAGEMENT (IM) WITHIN THE FEDERAL GOVERNMENT.

Software as a Service (SaaS) Fredrick Dande, MBA, PMP.

Driving Value from IT Services using ITIL and COBIT 5 July 24, 2013 Gary Hardy ITWinners.

Overview of SAP Application Services By Accely. Introduction Developed organizations in any business industry will invest in SAP programs to offer progressive.

The Department of Internal Affairs Keeping records in the cloud Patrick Power Manager, Government Recordkeeping Programme.

Agency Briefing - Overview

Department of Internal Affairs Disrupting Government Service Models Tim Occleshaw Government Chief Technology Officer Service and System Transformation.

© 2011 IBM Corporation IBM Cloud Computing Data en Cloud Computing Frank van der Wal, Technical Advocate.

Rob Byrd Chief Enterprise Architect Enterprise Architecture – A Citywide Service Delivery Strategy Aligning Information Technology Services to the Citizen.

Azure Stack Foundation

Partner Toolbox Cloud Infrastructure & Management

IPv6 within the Australian Government

Paul Woods Chair, MITIGATION: Ensuring we procure cloud services taking into account of the risks involved Paul Woods Chair, ISNorthEast.

Azure Allays Data Security and Privacy Concerns for Solution Provider’s Cloud-Wary Customers “With Microsoft Azure, Jedox can deliver advanced enterprise.

Continuity Guidance Circular Webinar

Policy on Transfer Payments Renewal

ICT Functional Leadership Government Information Group

SOUTH AFRICAN INSURANCE ASSOCIATION

Biosurveillance and the National Health IT Agenda

Sales operations Project support overview Presenter's Name

Presentation transcript:

Department of Internal Affairs Cloud computing considerations John Roberts Director, Relationship Management CRI Records Managers 11 June 2015

The brief … What records managers should be thinking about when looking at cloud based solutions? What issues we should be flagging with our organisations? Overview of the tools and templates available from DIA for assessing cloud computing solutions. The different levels of assessment that may be needed in different types of situations.

3 Context GCIO role Government ICT Strategy Cloud Computing requirements Process Guidance material Outline

4 OUR VISION A SINGLE, COHERENT ICT ECOSYSTEM SUPPORTING A RADICALLY TRANSFORMED PUBLIC SERVICE. It’s about: Working differently to transcend agency boundaries and deliver smarter, customer- centred services.

5 We work differently to transcend agency boundaries and deliver smarter, customer centred services. Integrated service delivery means that agency platforms, information and processes are shared and open by default. Supporting new services and enabling innovation across agencies. The three characteristics at the transformation's heart ICT functional leadership A Transforming opportunities C A system-wide approach B

We work differently to transcend agency boundaries and deliver smarter, customer centred services. Centrally guided, collaboratively delivered. Leading for the collective good, with an ecosystem-wide perspective. In order to reduce complexity, we’re building a foundation for:  Risk management  Investment prioritisation  Benefits realisation  Better information management. GCIO ICT functional leadership A

Integrated service delivery means that agency platforms, information and processes are shared and open by default. Agencies are able to CONSUME ECOSYSTEM CAPABILITIES. AGENCY SOLUTIONS are designed for system-wide benefits. A system-wide approach B

IndustryMinistersAgency Agencies are freed up to focus on core business Industry is an innovative integrator Informed government Transforming opportunities C

Government ICT Strategy

Refresh under way

What do we mean by Cloud? On-demand self-service Broad network access Resource pooling Rapid elasticity Measured service Infrastructure aaS Platform aaS Software aaS Public Cloud Private Cloud Community Cloud

Department of Internal Affairs Archives’ preliminary advice It may be difficult for agencies to administer information kept in the cloud Cloud-based systems are not designed to manage information over long periods of time It is difficult to ensure that information is preserved It is also difficult to ensure information is disposed of properly when no longer required The proprietary interfaces and programming languages used by cloud service providers can make it difficult to transfer records to another environment. For these reasons we recommend that agencies using cloud-based systems have an appropriate exit strategy in place, before storing information in the cloud.

Department of Internal Affairs Meeting the Records Management Standard Access to records must be managed appropriately (4.1) – The GCIO Cloud guidance includes questions for vendors about who will have access to the information in the cloud service. Records must be accessible when required (4.2) – The GCIO Cloud guidance includes questions for vendors about availability, to ensure business requirements can be met by the cloud service. The value of records must be appraised (5.1) – The GCIO Cloud guidance includes an assessment of the value of the information stored in the cloud.

Department of Internal Affairs Meeting the Records Management Standard The correct statutory process for disposing of records must be followed (5.3) – The GCIO Cloud guidance covers the end of the information’s life cycle and disposal considerations. Records must be secure (6.1) – The GCIO Cloud guidance includes a number of considerations on the security of the information in the cloud service. Business continuity and disaster management planning must address the protection and salvage of records (6.5) – The GCIO Cloud guidance includes questions for vendors about their backup and recovery processes.

Department of Internal Affairs Assessment Process Use Government ICT Common capabilities where they exist Information risk assessment using Cloud Computing: Information Security and Privacy Considerations Excel template version available

Department of Internal Affairs Questions 1-27 cover The classification of the information (value, criticality, sensitivity) Presence of Personally Identifiable Information (privacy) Data sovereignty and reputational issues

Department of Internal Affairs Complete other questions as required based on the information risk If there is personal information, complete a Privacy Impact Assessment Ensure suitable expertise – In-house? – GCIO (ICT Assurance and/or Architecture) Register of agency cloud service reviews – Security and Related Services Panel

Department of Internal Affairs Sign-off CE (or delegate) and CSO or CISO sign off risks and mitigations Cloud Endorsement by Agency template Submit for GCIO review of appropriate sign-off, not of risk assessment

Department of Internal Affairs Some key points A case-by-case consideration CEs are responsible for the decision No information above RESTRICTED should be held in public cloud (whether onshore or offshore)

Department of Internal Affairs Some key questions Q2 – what are the business processes that are supported by the information? Q6 – who are the users of the information? Q11 – what would the impact on the business be if the integrity of the information was compromised? Q13 – what would the impact on the business be if the information were unavailable?

Department of Internal Affairs Q14-22: Data Sovereignty – the key issue for onshore/offshore considerations Q30 – will the agency retain ownership of its data? Q60-63: Encryption – does the use of encryption compromise recordkeeping requirements?

Department of Internal Affairs Q69-70: Data persistence – robust and demonstrable data destruction and disposal processes Q73-80:Data integrity, backup and archiving Q81 does the data backup and archiving strategy support the agency in meeting PRA and OIA obligations?

Creating better public services Getting the service experience right for the citizen in a digital world PERSONAL SECURE AND PRIVATE ACCESS ANYWHERE