The Department of Finance and Deregulation's Australian Government Information Management Office (AGIMO) has issued a series of 'better practices' guides for government departments and other federal bodies to help them navigate the legal, privacy and financial issues of Cloud computing.
"Cloud best practice guidance" was an outcome earmarked in the The Cloud Computing Strategic Direction Paper (PDF) issued by the department of finance in April 2011.
"Additional guidance will be prepared for agencies on other aspects of cloud computing as necessary," an AGIMO blog entry announcing the guides by Glenn Archer reads. "This may include areas such as governance of community clouds and further guidance on business management and procurement practices."
AGIMO unveiled the draft versions of the Cloud guides in November last year.
Privacy and Cloud Computing for Australian Government Agencies (PDF) outlines considerations relating to compliance with the Information Privacy Principles outlined in the Privacy Act when using Australian or off-shore Clouds.
Issues covered include those related to storage of data that may in jurisdictions with different information protection laws to Australia (the guide cites the USA PATRIOT Act as one piece of foreign legislation that may impact on the security of data stored in a Cloud); virtual or physical data segregation to prevent inadvertent disclosure or private information when multiple agencies' data is stored in a single Cloud; and the ability to permanent delete data, including provisions in contracts with Cloud service providers that they will comply with Information Privacy Principles outlined in the in the Privacy Act.
Negotiating the cloud – legal issues in cloud computing agreements (PDF) covers negotiating agreements with Cloud providers, including privacy, security, meeting data confidentiality requirements, records management, and auditing of Cloud computing arrangements, as well as managing Cloud contracts including performance management, ending Cloud computing arrangement (including transition of services) and dispute resolution.
The final guide (PDF) covers the financial aspects of Cloud computing for government agencies, including transitioning capital expenditure to operational expenditure and financial risks. It recommends agencies seek guidance on the "Transfer of an agency’s appropriations for capital expenditure to operational expenditure; Reallocation of departmental appropriations between operating and non-operating expenditure within a financial year; and obtaining approval for any operating losses."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.