Details of "cloud plans" submitted by government organisation to GCDO
D Watson made this Official Information request to Department of Internal Affairs
The request was partially successful.
From: D Watson
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services
and the government organisation that adopted them
Yours faithfully,
Dave
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
We are currently working on your Official Information Act request. We would like to discuss the question below:
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advice shared directly with individual organisations on adherence to the government 'cloud first' policy.
As it stands, it will be difficult to meet this part of your request without substantial collation or research, as there will be a significant amount of documentation within scope and collating this information will impact on the Department's operations. Accordingly, we may have to refuse it under section 18(f) of the OIA, which applies where the information cannot be made available without substantial collation or research.
There is a considerable amount of information on Digital.govt.nz that relates to how agencies can make their cloud adoption projects successful which you may be interested in: http://www.digital.govt.nz/standards-and...
If you require further information, we are able to provide you with a high-level summary of known obstacles to system level cloud adoption and a system level view of % of agency systems that are cloud enabled.
Please let us know by 24 May 2024.
Kind regards,
Olivia
show quoted sections
From: D Watson
Dear minadviceteam,
My reply doesn't seem to be posted. Yes a summary for that question is fine
Yours sincerely,
D Watson
From: D Watson
Dear minadviceteam,
Hi
You may not have seen my reply, a summary suggested by you is useful please.
In the interest of making my request easier answer by limiting what you need to collate, can you provide just the last three cloud plans and associated information please.
I am very aware of digital.govt.nz but it lacks actual material and is mainly guidance without any substantive examples or use cases showing how any agency has responded to the 'cloud first' policy and specifically what was provided to DIA GCDO in support of such cloud projects/upgrades/programmes.
Thanks in advance
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Please find attached an extension letter in relation to your Official
Information Act request.
Kind regards,
Olivia
Olivia Ryan (she / her) | Senior Advisor Ministerial and Official
Correspondence
Ministerial, Monitoring, and Capability Group
Toi Hiranga | Regulation and Policy
Department of Internal Affairs | Te Tari Taiwhenua
45 Pipitea Street | PO Box 6011, Wellington 6140 | [1]www.dia.govt.nz
[2]Logo-test
References
Visible links
1. http://www.dia.govt.nz/
From: D Watson
Dear Jeremy,
A little disappointing but I can understand that these things take time, I look forward to your response
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Please find attached the Department's response to your request. This will be followed by the remainder of the attachments.
Kind regards,
Olivia
show quoted sections
From: minadviceteam
Department of Internal Affairs
The second of three emails with the remainder of the documents.
Thanks,
Olivia
show quoted sections
From: minadviceteam
Department of Internal Affairs
The final of three emails with the remainder of the documents.
Thanks,
Olivia
show quoted sections
From: D Watson
Dear minadviceteam,
Wow. That is a lot of redaction. I am not sure I am any wiser about specific cloud product adoptions in NZ gov.
It is very hard to understand the suppliers and products that were reviewed.
A lot of work has obviously gone into risk assessment - well done -who had access to this detail ,how do they obtain it and do agencies submit their own risk assessment to you as part of adoption?
Do you offer any 'cloud plan' documents or guidance to gov agencies that can be used to inform their 'cloud plan' which I understand they are required to do? I guess what I am really asking is do agencies take on all the work themselves and reference your risk assessments or do you give specific guidance on what should be in their plans?
Thanks for all your work collating these. I look forward to your response to the above questions.
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Thank you for your follow-up questions. I have a provided a response to each of your questions below.
1. Who had access to this detail?
Department of Internal Affairs (DIA) provides risk assessments to agencies that consume services under the All of Government Information Communication Technologies Common Capability Agreements that we hold with specific suppliers.
2. How do they obtain it?
Agencies that consume, or subscribe to, services via one of the various All of Government Information Communication Technologies Common Capability Agreements, are provided risk assessments. Those that do not, may still request risk assessments however, in these cases agencies must completed a Non-Disclosure Agreement.
3. Do agencies submit their own risk assessment to you as part of adoption?
Agencies are not required to provide risk assessments to the All of Government Services Delivery team.
Please let us know if you have any further questions.
Kind regards,
Olivia
show quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence