Develop and implement a cloud plan
Agencies must have a plan for how they intend to use cloud services. This section also highlights some of the ICT operating model changes agencies will need to consider.
Cabinet requires agencies to have a cloud plan
Initially, these plans may be standalone documents or included in agency Information Strategy Strategic Plans (ISSPs). Over time, the expectation of the Government Chief Information Officer (GCIO) is that all cloud plans will be included in ISSPs.
Why is a cloud plan required?
It is to encourage agencies to take a strategic approach to adopting cloud services. It is also an opportunity for CIOs and their teams to engage with senior executives and contribute to strategic planning within their agency.
What to put in your cloud plan
Cloud plans should primarily describe how agencies intend to use cloud services to support major business improvements to enhance the customer experience, improve effectiveness and efficiency, streamline operations, or create new delivery models.
The initial advice to agencies when developing their cloud plans is to consider the following:
- Business strategy – how do public cloud services align with existing agency strategies (e.g. Four year ISSPs or similar, and digital strategies), and how will these services be used to support major business improvements? Be sure to consider a sector approach.
- Risk appetite – what is the agency’s risk appetite for consuming public cloud services in the context of privacy, jurisdiction, security and legislative considerations?
- Governance and identity – how will data governance, including identity and access management, be applied across multiple public cloud services?
- Enterprise architecture and technology architecture considerations – how will the opportunity of cloud services influence your organisation’s enterprise architecture and technology strategy, and what technology and process changes does your organisation need to make to consume cloud services safely.
- ICT operating model – what is the target operating model for your ICT function and what is the plan to transition to this model?
- Organisational maturity – which supporting functions within your agency need to lift their maturity to support adopting public cloud services (e.g. commercial, legal, architecture, IT security)?
- Operational processes – how will your agency take a systematic approach to adopting public cloud services, including managing risks associated with services adopted without involving an IT team (shadow cloud)?
- Roadmap – what are the top-priority public cloud services for your agency and what is the timeframe for their adoption?