Risks assessment for public cloud services
How to assess the risks of using public cloud services in your government agency and how to use your risk assessment.
-
When to assess the risks of using a public cloud service
You need to assess risks when looking for or starting to use services — and when there are significant changes or new risks.
-
Risk discovery tool for public cloud services
The risk discovery tool has 2 stages with steps to help you identify risks and security controls to consider when using a public cloud service.
-
Cloud Jurisdictional Risk guidance
This guidance provides advice from the digital, privacy, and security System Leaders about potential jurisdictional risks associated with the use of cloud service providers.
-
Assess the risks of using a public cloud service
Complete your risk assessment — to help with this, use your answers to the relevant questions in the tool for public cloud services.
-
Check who can approve the risk level
See your organisation’s policies to know who is authorised to accept risk at each level for an information system.
-
Send your risk documents to the GCDO
Send your completed questions from the risk assessment tool and signed endorsement form to the Government Chief Digital Officer (GCDO).
-
Use your risk assessment
Update your organisation’s risk registers and schedule future reviews of your information’s risks and security controls.
-
Tips for right-sizing your risk assessment
Match your time and effort on risk assessments to the information’s risk and value — here’s why and how.
-
How vendors fill in the risk discovery tool for public cloud services
Vendors of public cloud services need to complete certain questions in the risk discovery tool created by the Government Chief Digital Officer (GCDO).
-
Create or improve your organisation’s process for assessing risks
Use your organisation’s approved process, but there might be situations when your organisation is developing or improving the process and need an example template.
