Cloud Services

 

OVIC supports Victorian Public Sector organisations’ adopting cloud solutions (in line with the Victorian Government Information Technology Strategy Victorian Government 2016-2020) to meet their business objectives. 
 
When considering a cloud solution, organisations are advised to follow our five-step action plan when protecting Victorian public sector information that will be storedprocessed or transmitted in the cloud: 
  
1.        Identify the information. 
2.        Determine the value of the information. 
3.        Identify any risks to the information – encompassing recordkeeping, privacy, freedom of information and information security requirements.
4.        Apply security measures to protect the information. 
5.        Manage the risks across the information lifecycle. 
  
As part of this planning, organisations are, amongst other things, expected to pay particular attention to

  • • The organisation’s enabling legislation – does it permit the use of cloud?
  • • The laws applying in the jurisdictions in which the information will be stored, processed or transmitted as well as the laws applying to the owning company jurisdictions; and
  • • The need for strong contract clauses protecting the confidentiality, integrity and availability of the information.

  

The former Commissioner for Privacy and Data Protection produced a discussion paper in 2015 – “Cloud Computing in the Victorian Public Sector” that provided an overview of cloud computing relevant to a wide range of public sector managers working in various roles across government. A copy of the paper can be found here.


These actions need to occur in a transparent and accountable way that maintains equivalent privacy, security, record keeping and freedom of information safeguards as if the solution was located within the organisation’s physical premises.