Microsoft has published details of how Office 365 addresses key issues presented by the New Zealand Government CIO's Cloud Computing Risk and Assurance Framework.
The Kiwi Government Chief Information Officer (GCIO), who is based within the New Zealand Department of Internal Affairs, has responsibility for providing guidance on how the country’s government organisations should adopt cloud computing via the Cloud Computing Risk and Assurance Framework.
As part of this framework, the GCIO has published the document entitled “Cloud Computing: Security and Privacy Considerations”, which comprises 105 questions focused on security and privacy aspects of cloud services that are fundamentally related to the issue of data sovereignty, allowing agency Chief Executives to make a risk-based decision on using cloud services.
All State Service organisations must apply this framework when they are deciding on the use of a cloud service.
Microsoft New Zealand’s National Technology Officer, Russell Craig, says that the information provided will be of great assistance to the wide range of government organisations that are currently evaluating Office 365.
“Office 365 offers world-leading security and privacy protections for our customers, and its delivery from our Australian Azure data centre facilities alleviates any concerns they may have had about data sovereignty,” Craig says.
“To the best of our knowledge, Microsoft is the only vendor of cloud-based productivity solutions to have published such a comprehensive, detailed set of responses to the questions the GCIO has set out.
“We are very pleased to demonstrate how Office 365 sets the benchmark for providing government with a productivity solution that effectively addresses the security and privacy considerations that government agencies must address when moving to any cloud-based solution.
“If you represent a New Zealand government organisation, we are confident that this information will assist your analysis, and reassure you that your information will be in the safest possible IT environment.”
Craig says this information on Office 365 supplements the answers the company published in May about how Microsoft Azure addresses the same questions, as reported by Computerworld New Zealand.
Also, Craig notes that this framework does not define a New Zealand government standard against which cloud service providers must demonstrate formal compliance.
“Many of the questions in the framework do, however, point customers toward the fundamental importance of understanding cloud service providers’ compliance with a wide array of relevant standards,” he adds.
“This includes the approach they take to security and data privacy, the nature of their contractual commitments and what they do and don’t do with their customers’ data.”
Going forward, Craig says some government agencies are able to take up Office 365 straight away.