Risk discovery tool for public cloud services
The risk discovery tool has 2 stages with steps to help you identify risks and security controls to consider when using a public cloud service.
Download the risk discovery tool
Cloud Risk Discovery Tool (ZIP 1.1MB)
Help with the tool
To help with using the risk discovery tool, the Government Chief Digital Officer has:
- guidance — risk discovery tool for public cloud
- unsorted questions — risk discovery for public cloud.
The tool itself is not a risk assessment — it helps you discover and record the information needed to do a risk assessment.
If you were in the middle of using the previous tool, contact gcdo@dia.govt.nz.
Stages and steps to follow
Use the risk discovery tool to help make cloud-adoption decisions for your organisation.
-
1
Security requirements — stage 1
Fill in the worksheets for:
- business context
- screening questions.
View the reports for generic:
- risks
- controls.
These reports also help if you’re still trying to find a public cloud service that fits your situation.
-
2
Detailed security controls — stage 2
Answer the questions for the:
- agency — government organisation
- service provider.
-
3
Review the report for gaps in security controls
The report lists other generic controls worth considering for a public cloud service when you’re following your organisation’s risk assessment process.
It’s not a complete list, but it gives you a strong base to build on. Always consider the risks related to your business context and the information you’re using.
Next step — use this information to help with your risk assessment
Public cloud services are no different from other information technology systems — you must assess the risk first. Continue working on your organisation’s risk assessment of the public cloud service.
Assess the risks of using a public cloud service
More information — Cabinet requirements
Utility links and page information
Last updated