The Australian Government releases its new Cloud Computing Policy - moving from 'may' to 'must'
The Commonwealth Government released its updated cloud computing policy - Australian Government Cloud Computing Policy – Smarter ICT Investment, Version 3.0 October 2014.
The Commonwealth Government has released its updated cloud computing policy, Australian Government Cloud Computing Policy – Smarter ICT Investment, Version 3.0 October 2014 (Policy).
The Policy sets out the Commonwealth's new 'cloud first' policy and is intended to stimulate the take up of cloud computing1 by Commonwealth government agencies.
Under the Policy, 'non-corporate' Commonwealth entities (such as government departments and most other Commonwealth agencies, but excluding Commonwealth bodies corporate) are required to replace any existing information communication and technology (ICT) services with cloud based services where such services:
- are fit for purpose
- offer the best value for money (as defined by the Commonwealth Procurement Rules)
- provide adequate management of risks to information and to ICT assets (as required by the Commonwealth's Protective Security Policy Framework (PSPF)).
The Policy marks a further step from the 'may choose' language of 2011's Australian Government Cloud Computing Strategic Direction paper and the 'explicit obligation to consider' in last year's Australian Government Cloud Computing Policy to a 'must adopt'2 stance, subject to the considerations referred to above.
The Policy's goal is to drive the use of cloud ICT services in the Commonwealth public sector to 'reduce costs, lift productivity and develop better services'. The Policy requires non-corporate Commonwealth entities to:
- use ICT refresh trigger points (including planned system implementations and upgrades) as opportunities to evaluate cloud services
- adopt public cloud services for testing and development needs and for hosting public facing websites
- evaluate private, community, public or hybrid cloud services for operational systems as defined by information requirements
- consider opportunities to develop/adopt cross entity or portfolio cloud services and/or build on initiatives established by other entities
- comply with relevant legislative and regulatory requirements and select cloud services commensurate with the requirements of the information
- update the Agency Solutions Database after acquiring a cloud service
- use the extensive existing Australian Government guidance on ICT (including the Australian Government strategies, policies, better practice guides and frameworks for ICT) to assist in the evaluation of cloud based ICT options.
What are the implications for Commonwealth entities that are not 'non-corporate entities' as specifically covered by the Policy? We would suggest such entities should consider whether they have any opportunity to comply with the Policy, even if not explicitly required by the Policy to do so. Similarly, Commonwealth funded entities, such as tertiary education institutions, might consider whether it would be expedient to examine opportunities to align themselves with the Policy's objectives.
With this new Policy the Commonwealth is declaring its intent and desire to drive the adoption of cloud computing at the Commonwealth level. The Policy expresses the view that there is much room for increased take up of and expenditure on cloud computing by Commonwealth agencies. The Commonwealth cites statistics showing cloud procurements through AusTender since July 2010 have totalled approximately $4.7 million, a small proportion of the approximately $6 billion that the Commonwealth spends on ICT annually.
Accordingly, the new Policy potentially represents a significant opportunity for the providers of ICT services, so long as they and their potential customers can clear the 'fit for purpose' and PSPF hurdles.
As with the 2013 policy, the new Policy sets out some actions for the Attorney General's Department and the Departments of Finance and Communications, to continue driving the cloud agenda, to be implemented over 2014/2015.
_____________
1. Note the Commonwealth has adopted the US Government's National Institute of Standards and Technology definition of "Cloud Computing" – see page 8 of the Policy
2. See the Foreword to the Policy from the Minister for Finance and the Minister for Communications.
Keep up to date with our legal insights and events
Sign upRecent articles
Amendments to the ACT's Building and Construction Industry (Security of Payment) Act 2009
By Pria O'Sullivan, and Susan Guo
Recent updates to the Australian Capital Territory’s Building and Construction Industry (Security of Payment) Act 2009.
What all Victorian Government personnel need to know about OVIC’s recent statement on ChatGPT
By Robert Gregory, Georgia Hunt, and Jack Curran
Generative AI, including ChatGPT is becoming common in all facets of personal, professional and public life.
A step closer to mandatory climate-related disclosure
By Ron Smooker, Rosamond Sayer, Samantha Murphy, and Joseph Fox
The Treasurer introduced the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024.
Gomeroi v Santos: New guidance on good faith negotiation, and the relevance of climate change
By Susanne Rakoczy, and Larissa Svetlov
We explore Gomeroi People v Santos NSW Pty Ltd and Santos NSW (Narrabri Gas) Pty Ltd [2024] FCAFC 26 (Gomeroi Appeal).
Partner
Melbourne