Department of Internal Affairs
Government Chief Digital Officer
The New Zealand government has a Cloud First policy. Government organisations must adopt public cloud services on a case-by-case basis, following risk assessments.
About public cloud services
Find out why and how government organisations use public cloud services to work more productively.
Help with public cloud services
Government organisations can get help with the different aspects of using public cloud services.
Risks assessments before using public cloud services
When and how to assess the risks of using public cloud services — including who approves it, sending certain risk documents to the Government Chief Digital Officer (GCDO) and using your risk assessment.
Information value for public cloud services
Questions 1 to 27 of the risk assessment tool — for the information you’re looking to use with a public cloud service, find out how important it is to your organisation, the NZ government and New Zealanders.
- How to check the information value
- Business and technical contexts of the information
- Classify information
- Criticality of the information
- Sovereignty over the information
- Privacy of the information
- Tips for right-sizing your risk assessment
- Decide if you need a risk discovery before using a public cloud service
Risk discovery for public cloud services
Questions 28 to 105 of the risk assessment tool — discover the risks to information security and privacy in a public cloud service, and identify the controls to manage them.
Technical guidance for public cloud services
Cloud characteristics, security templates, advice for vendors, and guides for optimising network capacity and managing updates on remote endpoints.