Welcome!

SAP Authors: Liz McMillan, Jnan Dash, Mat Mathews, PR.com Newswire, David Smith

Blog Feed Post

PACR : GovCloud Audit framework for the Public Sector

PACR is the name for a new OASIS group we are helping start, standing for Public Administration Cloud Requirements, aka ‘Government Cloud Computing’.

The need for this framework can be seen in a number of government procurement areas, the idea is to help others re-create the ‘G-Cloud’ type model implemented in the UK.

In the case of the E-Health Cloud strategy for Canada, on page 45 they note:

“It is important to note that health care specific cloud requirements and standards have yet to be developed, but could potentially be leveraged from other industries.”

This is the purpose of the PACR group, to provide a single point for accessing this collection of resources. You can read more about the project agenda here and the work items that will be produced.

For the E-Health Cloud document this is one part of the major section 8 – Privacy and Security Concerns and Considerations, and encompasses aspect such as:

  • Cloud Sourcing - Using standardized GovCloud reference models like ‘Private Cloud’ or ‘Public Cloud’ to specify the appropriate Cloud configurations.
  • Industry reference documents, such as the Cloud Controls Matrix from the Cloud Security Alliance to ensure best practices for security are applied
  • Due diligence of Cloud Providers - Governments need a standard way to assess Cloud providers and rate them against their information security requirements.
  • Location of PHI (Personal Health Information).
  • Risk Management Frameworks and Transparency - The report recommends that Cloud buyers should consider the development of a formal risk management framework specific to cloud computing environments.

This framework and its associated tools and methodologies can be used as part of the initial cloud provider due diligence and subsequent monitoring and compliance process.


Read the original blog entry...

More Stories By Cloud Ventures

The Cloud Ventures Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net