Australian Government Architecture
Search

Type

Policy

Reference

.

Mandate

Endorsed

Status

Core

Responsible agency

Digital Transformation Agency

Cloud Computing policy

This policy describes the requirements for entities planning digital investments involving cloud computing.

Applicability

Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT Investment Oversight Framework (IOF).

Commonwealth entities are encouraged to apply this policy to all digital investments.

Policy requirements

  • Comply with legislation

    An entity must comply with any legislation relevant to its circumstances.

  • Align to guidelines and standards

    All Commonwealth entities must comply with the Hosting Certification Framework to ensure cloud computing facilities are hosted in certified tenancies/data centres, as well as any other mandatory frameworks, policies, and standards.

  • Develop strategic documentation for the cloud

    An appropriate set of guiding documents must be developed within entities undertaking cloud-based investments, and should include a cloud strategy, cloud policy, and implementation plan(s).

  • Incrementally adopt cloud computing services

    A step-by-step approach to refining and enhancing cloud computing services, starting with low-complexity services and progressively maturing, will allow entities to optimise practices when requirements evolve.

  • Avoid customisation by using cloud services ‘as they come’

    Changing of business processes to align to cloud offerings, rather than developing or customising technology suit existing processes, is critical to realise the benefits of cloud services.

  • Automate where suitable

    Automation enables support teams to focus on the more complex requirements that are unique to their business by minimising the effort and need to provision, configure, backup, restore, patch, update, and deploy services.

  • Take a risk-based approach to cloud security

    Entities continue to be responsible for their own assurance and risk management of cloud services and must manage this risk as appropriate.

  • Monitor the health and usage of services in real time

    Entities must have visibility of their cloud usage, cloud health and enable them to control costs. Entities should refer to the Cloud Financial Operations Policy and Standard.

  • Recognise emerging cloud computing trends

    Understanding cloud trends will assist entities to adapt and innovate. Considerations include hybrid and multi-cloud approaches, edge computing, real-time infrastructure, cloud security, FinOps, sustainability initiatives, and GenAI infrastructure.

  • Procure via the Cloud Marketplace

    The Cloud Marketplace on BuyICT has been designed to meet the complex needs of government agencies who are looking to easily source value-for-money cloud solutions.

  • Adhere to reuse principles

    Entities must give priority to the adoption of reuseable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.

Capabilities

This policy includes requirements that relate to the following capability.
CAP3

Cloud Computing

Standards

The following standards show what to do to satisfy this policy.

Cloud Computing standard

STA64
Cloud computing provides a service for government, underpinned by a dynamically growing marketplace, which can increase the agility, flexibility, and speed of delivery for digital services. It removes the big upfront investments in technology to enable scaling up or down quickly. This provides much…

Designs

The following designs can be relevant to meeting the requirements of this policy.

Cloud Marketplace

DES15
The Cloud Marketplace is a digital sourcing arrangement for cloud computing offerings to government, as managed by the Digital Transformation Agency. The marketplace operates as a cooperative panel arrangement, with sellers being appointed through an initial open approach to market and…

Digital Sourcing Cloud Contract Templates

DES55
The Digital Transformation Agency (DTA) provides digital sourcing contract templates that make it easier for government agencies to set up contracts with suppliers. To source cloud services, it is recommended that buyers use the Cloud Marketplace in the first instance. This marketplace is…

Blueprint for Secure Cloud

DES23
The Blueprint for Secure Cloud (previously known as the Protected Utility Blueprint) is an online tool to support the design, configuration and deployment of collaborative and secure cloud and hybrid workspaces, with a current focus on Microsoft 365. The Blueprint provides better practice guidance…

Cloud Assessment and Authorisation

DES107
Direct link: www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/cloud-security-guidance/cloud-assessment-and-authorisationLead agency: Australian Cyber Security CentreLast updated: 18 January 2024  The Cloud Assessment and Authorisation publication is…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.