Cloud-based ICT services provide opportunities for agencies to achieve better value, flexibility and reliability, and make sustainable service delivery improvements. Evaluation of the opportunities provided by cloud services and particular delivery models will be undertaken by the agency in the context of their particular ICT portfolio and business needs.

The policy provides guidance for NSW Government agencies to determine which cloud delivery model is best suited to their business needs. This evaluation includes a number of key considerations, which are outlined in the policy.

• Cost-benefit: Moving to a cloud delivery model will have implications for the cost-benefit assessment in the development of business cases.
• Regulatory frameworks: Agencies are required to comply with a range of legislative frameworks concerning the security, privacy, access, storage, management, retention and disposal of government data and information.
• Risk management: Agencies are required to undertake a comprehensive risk assessment in relation to the storage and maintenance of public sector information and records by a cloud provider.
• Contract terms: It is recommended agencies develop a sound understanding of the fundamental issues to be addressed in cloud services contracts, including provisions relating to custody and ownership, security, privacy and access, and business continuity, data disposal and exit strategy.
• Skills and capabilities: The skills and capabilities required to deploy ICT as a service with a cloud based solution may decrease the demand for certain skill sets and increase the demand for others.
• Change management: The transition to an as-a-service model may have significant change implications. Moving to a cloud environment may require agencies to reconsider business design and enterprise architecture, particularly where cloud services interface with internal business processes and systems.
• Technical considerations: The use of a cloud services will require consideration of specific technical requirements including LAN, WAN and bandwidth, security, compatibility with the various browser technologies, and implications for longer term data integration.
• Standards: Consideration of open standards, security, interoperability, and data portability are recommended in order to reduce the risk of technology lock-in and inadequate data portability.
• Information management: Agencies will need to consider information management as a key element in the strategic planning and delivery of cloud services.

All NSW public sector chief executives are responsible for ensuring that this policy is applied within their agency. Oversight of the policy will be provided by the NSW Government ICT Board.

Direction

NSW Government agencies will evaluate cloud-based services when undertaking ICT procurements to determine the ICT delivery model that provides the best value sustainable investment, taking account of the full range of cost-benefit considerations.

Laurie Glenfield
Director General

The policy applies to all NSW Government departments, statutory bodies and shared service providers. The policy does not apply to State Owned Corporations; however, it is commended for adoption.