Details of "cloud plans" submitted by government organisation to GCDO
D Watson made this Official Information request to Department of Internal Affairs
The request was partially successful.
From: D Watson
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services
and the government organisation that adopted them
Yours faithfully,
Dave
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
We are currently working on your Official Information Act request. We would like to discuss the question below:
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advice shared directly with individual organisations on adherence to the government 'cloud first' policy.
As it stands, it will be difficult to meet this part of your request without substantial collation or research, as there will be a significant amount of documentation within scope and collating this information will impact on the Department's operations. Accordingly, we may have to refuse it under section 18(f) of the OIA, which applies where the information cannot be made available without substantial collation or research.
There is a considerable amount of information on Digital.govt.nz that relates to how agencies can make their cloud adoption projects successful which you may be interested in: http://www.digital.govt.nz/standards-and...
If you require further information, we are able to provide you with a high-level summary of known obstacles to system level cloud adoption and a system level view of % of agency systems that are cloud enabled.
Please let us know by 24 May 2024.
Kind regards,
Olivia
-----Original Message-----
From: D Watson <[FOI #26791 email]>
Sent: Tuesday, May 14, 2024 3:18 PM
To: OIA <[DIA request email]>
Subject: Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
[You don't often get email from [FOI #26791 email]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentific... ]
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services and the government organisation that adopted them
Yours faithfully,
Dave
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #26791 email]
Is [DIA request email] the wrong address for Official Information requests to Department of Internal Affairs? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: D Watson
Dear minadviceteam,
My reply doesn't seem to be posted. Yes a summary for that question is fine
Yours sincerely,
D Watson
From: D Watson
Dear minadviceteam,
Hi
You may not have seen my reply, a summary suggested by you is useful please.
In the interest of making my request easier answer by limiting what you need to collate, can you provide just the last three cloud plans and associated information please.
I am very aware of digital.govt.nz but it lacks actual material and is mainly guidance without any substantive examples or use cases showing how any agency has responded to the 'cloud first' policy and specifically what was provided to DIA GCDO in support of such cloud projects/upgrades/programmes.
Thanks in advance
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Please find attached an extension letter in relation to your Official
Information Act request.
Kind regards,
Olivia
Olivia Ryan (she / her) | Senior Advisor Ministerial and Official
Correspondence
Ministerial, Monitoring, and Capability Group
Toi Hiranga | Regulation and Policy
Department of Internal Affairs | Te Tari Taiwhenua
45 Pipitea Street | PO Box 6011, Wellington 6140 | [1]www.dia.govt.nz
[2]Logo-test
References
Visible links
1. http://www.dia.govt.nz/
From: D Watson
Dear Jeremy,
A little disappointing but I can understand that these things take time, I look forward to your response
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Please find attached the Department's response to your request. This will be followed by the remainder of the attachments.
Kind regards,
Olivia
-----Original Message-----
From: OIA <[email address]>
Sent: Tuesday, May 14, 2024 4:09 PM
To: minadviceteam <[email address]>
Cc: PlanningPerformanceandSupport <[email address]>; OIA <[email address]>
Subject: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Tçnâ koutou Team,
The Department has received the below request on 13/05/2024.
Please reference OIA2324-0969 - WATSON in your response, which is due to the requester by 11/06/2024.
If this response needs to go to the Minister’s office for no-surprises notification, please update the date in the weekly update.
Acknowledgement to be sent by business unit.
Ngâ mihi
Vishesh Jain | Co-ordinator | Workplace Services Advice
He Ringa Manaaki | Workplace Services Group
He Pou Aronui | Organisational Capability & Services
Te Tari Taiwhenua | Department of Internal Affairs
45 Pipita Street |PO Box 805, Wellington 6140 New Zealand
http://www.dia.govt.nz/ | Facebook | LinkedIn
Good afternoon Dave
-----Original Message-----
From: D Watson <[FOI #26791 email]>
Sent: Tuesday, May 14, 2024 3:18 PM
To: OIA <[DIA request email]>
Subject: Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
[You don't often get email from [FOI #26791 email]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentific... ]
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services and the government organisation that adopted them
Yours faithfully,
Dave
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #26791 email]
Is [DIA request email] the wrong address for Official Information requests to Department of Internal Affairs? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: minadviceteam
Department of Internal Affairs
The second of three emails with the remainder of the documents.
Thanks,
Olivia
-----Original Message-----
From: minadviceteam
Sent: Wednesday, July 24, 2024 4:41 PM
To: [FYI request #26791 email]
Subject: RE: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Good afternoon Dave,
Please find attached the Department's response to your request. This will be followed by the remainder of the attachments.
Kind regards,
Olivia
-----Original Message-----
From: OIA <[email address]>
Sent: Tuesday, May 14, 2024 4:09 PM
To: minadviceteam <[email address]>
Cc: PlanningPerformanceandSupport <[email address]>; OIA <[email address]>
Subject: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Tçnâ koutou Team,
The Department has received the below request on 13/05/2024.
Please reference OIA2324-0969 - WATSON in your response, which is due to the requester by 11/06/2024.
If this response needs to go to the Minister’s office for no-surprises notification, please update the date in the weekly update.
Acknowledgement to be sent by business unit.
Ngâ mihi
Vishesh Jain | Co-ordinator | Workplace Services Advice
He Ringa Manaaki | Workplace Services Group
He Pou Aronui | Organisational Capability & Services
Te Tari Taiwhenua | Department of Internal Affairs
45 Pipita Street |PO Box 805, Wellington 6140 New Zealand
http://www.dia.govt.nz/ | Facebook | LinkedIn
Good afternoon Dave
-----Original Message-----
From: D Watson <[FYI request #26791 email]>
Sent: Tuesday, May 14, 2024 3:18 PM
To: OIA <[DIA request email]>
Subject: Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
[You don't often get email from [FYI request #26791 email]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentific... ]
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services and the government organisation that adopted them
Yours faithfully,
Dave
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FYI request #26791 email]
Is [DIA request email] the wrong address for Official Information requests to Department of Internal Affairs? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: minadviceteam
Department of Internal Affairs
The final of three emails with the remainder of the documents.
Thanks,
Olivia
-----Original Message-----
From: minadviceteam
Sent: Wednesday, July 24, 2024 4:45 PM
To: '[FYI request #26791 email]' <[FYI request #26791 email]>
Subject: RE: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
The second of three emails with the remainder of the documents.
Thanks,
Olivia
-----Original Message-----
From: minadviceteam
Sent: Wednesday, July 24, 2024 4:41 PM
To: [FYI request #26791 email]
Subject: RE: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Good afternoon Dave,
Please find attached the Department's response to your request. This will be followed by the remainder of the attachments.
Kind regards,
Olivia
-----Original Message-----
From: OIA <[email address]>
Sent: Tuesday, May 14, 2024 4:09 PM
To: minadviceteam <[email address]>
Cc: PlanningPerformanceandSupport <[email address]>; OIA <[email address]>
Subject: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Tçnâ koutou Team,
The Department has received the below request on 13/05/2024.
Please reference OIA2324-0969 - WATSON in your response, which is due to the requester by 11/06/2024.
If this response needs to go to the Minister’s office for no-surprises notification, please update the date in the weekly update.
Acknowledgement to be sent by business unit.
Ngâ mihi
Vishesh Jain | Co-ordinator | Workplace Services Advice
He Ringa Manaaki | Workplace Services Group
He Pou Aronui | Organisational Capability & Services
Te Tari Taiwhenua | Department of Internal Affairs
45 Pipita Street |PO Box 805, Wellington 6140 New Zealand
http://www.dia.govt.nz/ | Facebook | LinkedIn
Good afternoon Dave
-----Original Message-----
From: D Watson <[FYI request #26791 email]>
Sent: Tuesday, May 14, 2024 3:18 PM
To: OIA <[DIA request email]>
Subject: Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
[You don't often get email from [FYI request #26791 email]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentific... ]
Dear Department of Internal Affairs,
I wish to better understand NZ Government use of cloud services and the uptake of such services through GCDO negotiated agreements.
Please provide any "cloud plans" that were shared with the GCDO in the past 3 years. Agencies are required to have such plans for cloud adoption per digital.govt.nz
Please provide any security , risk or privacy assessments of any NZ or international cloud service providers that DIA or relevant government organisatins have undertaken (directly or indirectly through vendors) in the past 3 years including any reports into the integrity or suitability of these providers, detailing any concerns wrt. security, risk or privacy of NZ government use of these services. This should include all correspondence with these cloud service providers relating to assessments of audits of their services and mitigation of any related risks or issues relating to the providers service.
Can GCDO provide any insight into the success or failure of cloud adoption projects by government organisations in the past three years including any advise shared directly with individual organisations on adherence to the government 'cloud first' policy.Please provide a list showing services and the government organisation that adopted them
Yours faithfully,
Dave
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FYI request #26791 email]
Is [DIA request email] the wrong address for Official Information requests to Department of Internal Affairs? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: D Watson
Dear minadviceteam,
Wow. That is a lot of redaction. I am not sure I am any wiser about specific cloud product adoptions in NZ gov.
It is very hard to understand the suppliers and products that were reviewed.
A lot of work has obviously gone into risk assessment - well done -who had access to this detail ,how do they obtain it and do agencies submit their own risk assessment to you as part of adoption?
Do you offer any 'cloud plan' documents or guidance to gov agencies that can be used to inform their 'cloud plan' which I understand they are required to do? I guess what I am really asking is do agencies take on all the work themselves and reference your risk assessments or do you give specific guidance on what should be in their plans?
Thanks for all your work collating these. I look forward to your response to the above questions.
Yours sincerely,
D Watson
From: minadviceteam
Department of Internal Affairs
Good afternoon Dave,
Thank you for your follow-up questions. I have a provided a response to each of your questions below.
1. Who had access to this detail?
Department of Internal Affairs (DIA) provides risk assessments to agencies that consume services under the All of Government Information Communication Technologies Common Capability Agreements that we hold with specific suppliers.
2. How do they obtain it?
Agencies that consume, or subscribe to, services via one of the various All of Government Information Communication Technologies Common Capability Agreements, are provided risk assessments. Those that do not, may still request risk assessments however, in these cases agencies must completed a Non-Disclosure Agreement.
3. Do agencies submit their own risk assessment to you as part of adoption?
Agencies are not required to provide risk assessments to the All of Government Services Delivery team.
Please let us know if you have any further questions.
Kind regards,
Olivia
-----Original Message-----
From: D Watson <[FOI #26791 email]>
Sent: Friday, July 26, 2024 12:26 PM
To: minadviceteam <[email address]>
Subject: RE: New Incoming Official Information request - Details of "cloud plans" submitted by government organisation to GCDO
Dear minadviceteam,
Wow. That is a lot of redaction. I am not sure I am any wiser about specific cloud product adoptions in NZ gov.
It is very hard to understand the suppliers and products that were reviewed.
A lot of work has obviously gone into risk assessment - well done -who had access to this detail ,how do they obtain it and do agencies submit their own risk assessment to you as part of adoption?
Do you offer any 'cloud plan' documents or guidance to gov agencies that can be used to inform their 'cloud plan' which I understand they are required to do? I guess what I am really asking is do agencies take on all the work themselves and reference your risk assessments or do you give specific guidance on what should be in their plans?
Thanks for all your work collating these. I look forward to your response to the above questions.
Yours sincerely,
D Watson
-----Original Message-----
The final of three emails with the remainder of the documents.
Thanks,
Olivia
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #26791 email]
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence