Skip to main content

Risk discovery tool for public cloud services

The risk discovery tool has 2 stages with steps to help you identify risks and security controls to consider when using a public cloud service.

Download the risk discovery tool

Cloud Risk Discovery Tool (ZIP 1.1MB)

Help with the tool

To help with using the risk discovery tool, the Government Chief Digital Officer has:

The tool itself is not a risk assessment — it helps you discover and record the information needed to do a risk assessment.

If you were in the middle of using the previous tool, contact gcdo@dia.govt.nz.

Stages and steps to follow

Use the risk discovery tool to help make cloud-adoption decisions for your organisation.

  1. 1

    Security requirements — stage 1

    Fill in the worksheets for:

    1. business context
    2. screening questions.

    View the reports for generic:

    1. risks
    2. controls.

    These reports also help if you’re still trying to find a public cloud service that fits your situation.

  2. 2

    Detailed security controls — stage 2

    Answer the questions for the:

    1. agency — government organisation
    2. service provider.
  3. 3

    Review the report for gaps in security controls

    The report lists other generic controls worth considering for a public cloud service when you’re following your organisation’s risk assessment process.

    It’s not a complete list, but it gives you a strong base to build on. Always consider the risks related to your business context and the information you’re using.

Next step — use this information to help with your risk assessment

Public cloud services are no different from other information technology systems — you must assess the risk first. Continue working on your organisation’s risk assessment of the public cloud service.

Assess the risks of using a public cloud service

More information — Cabinet requirements

Cloud First policy

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated