Proposed Terms of Reference for the NZ Cloud Code of Practice (#nzcloudcode)
Paul Matthews (NZCS)
Hi there,
Please find attached the proposed Terms of Reference for the development of the New Zealand Cloud Computing Code of Practice (#NZCloudCode).
These Terms of Reference have been worked through in detail by the sub-group established at the initial workshop (myself, Rod Drury, Vikram Kumar and Mark Rees).
Feedback on Terms of Reference
We’re now opening the Terms of Reference for consultation and feedback. This is only for a brief period (unless substantial issues are raised) due to the significant work already complete on this, tight timeframe in the process and open nature of the following stages of the project.
The Terms of Reference simply outline the process side of things – there will be far more consideration and consultation as the work gets underway. As you’ll see from the ToR, the implementation process outlined includes considerable formal and informal consultation and discussion throughout the entire process – for this to work it must be a collaborative process including all stakeholders.
If you have any comments, thoughts, suggestions or recommendations on the Terms of Reference please email them through to clou...@nzcs.org.nz before midnight this Sunday 2nd October 2011.
Resources and Funding
As with all good things in life, there is a cost to the development of the Code.
We wanted to point out that a large part of the cost is in ensuring that this is completed in full consultation with all stakeholders and that it is a fully collaborative process. While some of us could probably hide away and develop a code in a short period of time, we felt it absolutely imperative that this is a nationwide collaborative exercise completed professionally. NZCS will not be profiting from this work. (Quite the opposite – we will also be substantially contributing to the development).
As was indicated during the initial workshop, a number of organisations have indicated they are prepared to partially fund the development of the Code. We are now calling for those prepared to contribute to the development of this essential piece of work to please let me know directly (at c...@nzcs.org.nz) so we can add you to the Contributor’s list and take a step towards getting started.
This Code is an important step for New Zealand, and those who contribute will receive permanent recognition as a forward-looking organisation prepared to contribute to the development of the establishment of good practice in the Cloud space in New Zealand. As well as the significant exposure and advantage in New Zealand it’s likely this activity will receive global coverage once we get underway.
Aside from the recognition and exposure advantage in contributing, however, it’s also simply the right thing to do.
As mentioned in the Terms, work cannot commence until the budgeted contributions have been met. If your organization contributes or pledges funding for this project but it does not initiate due to the budget not being met a full refund will be provided.
Contracted Coordinator
The Coordinator we intend to contract for this work has been identified and is able to start immediately once the Terms of Reference have been finalized and budget secured.
We can start this work as early as next week subject to this, working on much of the ground work while the Steering Group is formed.
Progress from here
So all in all I’m glad to see we’re now at the point where the structure and process have been composed and we have a platform for development of the Code of Practice. I look forward to working with many of you as we move this project forward for the good of New Zealand.
The next step is agreement and finalization of these Terms of Reference and budgetary confirmation. Once this is complete the main work can commence.
Regards,
Paul Matthews BSc, MNZCS ITCP
Chief Executive
Phone: +64 4 473 1043 | Mobile: +64 21 705 212 | Twitter: @nzcspaul
L24, Grand Plimmer Towers, Gilmore Tce, Wellington
Visit us online at www.nzcs.org.nz
Independent ICT Professional Certification is HERE! Check out www.itcp.co.nz to find out more about ITCP - Information Technology Certified Professional. Just one more way NZCS is advancing the ICT profession in New Zealand.
Rod Drury
Thanks for your hard work putting this together Paul and team.
L24, Grand Plimmer Towers, Gilmore Tce, Wellington
Visit us online at www.nzcs.org.nz
Independent ICT Professional Certification is HERE! Check out www.itcp.co.nz to find out more about ITCP - Information Technology Certified Professional. Just one more way NZCS is advancing the ICT profession in New Zealand.
You received this message because you are subscribed to the Google Groups "NZ Cloud Computing Code of Practice Reference Group" group.
To post to this group, send email to nzclo...@googlegroups.com.
To unsubscribe from this group, send email tonzcloudcode...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nzcloudcode?hl=en.
<201109 Cloud Code ToR 0.93.pdf>
Rod Drury
CEO
rod....@xero.com | Telephone +64 4 819 4810 | Mobile +64 27 600 0007 | Fax +64 4 819 4801 Level 1, Old Bank, 98 Customhouse Quay, PO Box 24 537, Wellington 6142, New Zealand www.xero.com |
Paul Matthews (NZCS)
Thanks Rod, and great news about Xero’s support. J
Just a quick update to this group. I’ve been contacted by a huge range of organisations in the last day or so strongly supporting the concept of the Code. A number have also stepped up and pledged a financial contribution towards the costs and I’m glad to say we’re approaching fulfilling the budget for the initiative (although still have a wee way to go).
Very keen to hear further comments about the process as outlined in the Terms of Reference. The key component of this work is facilitating a transparent and fully collaborative process to achieve an outcome in line with the broad views of the sector and we’re very happy to be independently facilitating this.
If you have any comments or thoughts on the proposed Terms of Reference it’d be great if you could email then through to clou...@nzcs.org.nz.
Thanks again to those that have contacted me offering support for the initiative. It’s great to see so many prepared to support this project.
Thanks all. Assuming we’re keen to proceed, very much looking forward to getting underway.
Regards,
Paul Matthews BSc, MNZCS ITCP
Chief Executive
Phone: +64 4 473 1043 | Mobile: +64 21 705 212 | Twitter: @nzcspaul
L24, Grand Plimmer Towers, Gilmore Tce, Wellington
Visit us online at www.nzcs.org.nz
Independent ICT Professional Certification is HERE! Check out www.itcp.co.nz to find out more about ITCP - Information Technology Certified Professional. Just one more way NZCS is advancing the ICT profession in New Zealand.
Rizwan Ahmad, Director, Cloud Security Alliance NZ
Good work, I have consulted Cloud Security Alliance international and
have apprised them about the development. During my work with CSA, ITU-
T and CAMM we worked on deadlines and we slowly build up the research
database. UK has already developed CCOP and CSA is trying to get
standards enhancement through ISO and ITU-T. A recent development is
we are asked for audit standard by ITU-T to be completed by February.
With CSA, I was currently mapping NZISM on cloud control matrix.
The definition of cloud computing was out in 2009 by Peter Mell NIST,
followed by Cloud control matrix by CSA. While working in cloud audit,
we came out with questionnaires to assess the cloud provider. A
similar initiative was under taken by ENISA under the name of
CAMM(Common Assurance Maturity Model), a barometer for cloud provider
and cloud user maturity assurance. It was absorbed by CSA and now it’s
under CSA development.
NIST came out with two references on cloud computing 800-144 and
recent 500-292. Similarly they facilitated FEDRAMP, cloud model for
governments. ITU-T is trying to develop security and reference
architectures for cloud computing. At Use Case Group we developed a
synopsis document moving to Cloud http://cloudusecases.org/Moving_to_the_Cloud.pdf
So there is lot going on in the world.
To be honest, we are quite late, and I am grateful to Paul that he
initiated it and everyone followed.
Rizwan
Cloudsecurityalliance nz
On Sep 28, 9:53 pm, "Paul Matthews (NZCS)" <Paul.Matth...@nzcs.org.nz>
wrote:
>
> Please find attached the proposed Terms of Reference for the development
> of the New Zealand Cloud Computing Code of Practice (#NZCloudCode).
>
> These Terms of Reference have been worked through in detail by the
> sub-group established at the initial workshop (myself, Rod Drury, Vikram
> Kumar and Mark Rees).
>
> Feedback on Terms of Reference
>
> We're now opening the Terms of Reference for consultation and feedback.
> This is only for a brief period (unless substantial issues are raised)
> due to the significant work already complete on this, tight timeframe in
> the process and open nature of the following stages of the project.
>
> underway. As you'll see from the ToR, the implementation process
> outlined includes considerable formal and informal consultation and
>
> If you have any comments, thoughts, suggestions or recommendations on
> the Terms of Reference please email them through to
> Resources and Funding
>
> As with all good things in life, there is a cost to the development of
> the Code.
>
> We wanted to point out that a large part of the cost is in ensuring that
> this is completed in full consultation with all stakeholders and that it
> is a fully collaborative process. While some of us could probably hide
> away and develop a code in a short period of time, we felt it absolutely
> imperative that this is a nationwide collaborative exercise completed
> professionally. NZCS will not be profiting from this work. (Quite the
>
> Independent ICT Professional Certification is HERE! Check outwww.itcp.co.nz<http://www.itcp.co.nz/> to find out more about ITCP -
> advancing the ICT profession in New Zealand.
>
> 25KViewDownload
> 201109 Cloud Code ToR 0.93.pdf
Paul Matthews (NZCS)
This is excellent information, thanks for putting this first list together.
As we've discussed directly, the first major part of the exercise, once underway, is to analyse in depth the work that has been completed internationally to ensure we're not reinventing the wheel (unless we absolutely have to be of course).
Or at very least to see what prior work can be leveraged and ensuring we're advancing in New Zealand alongside other global work and initiatives.
While you are right in that a number of the issues this project is designed to address have already been considered in other jurisdictions, there are a number of other countries lagging behind as well. So much so, in fact, that I'm aware that our equivalent in several other countries are watching this project with interest to see if the outcome is relevant for them.
Put simply, it's quite conceivable that this project will contribute significantly on the global stage and may well end up being adopted in other countries. However let's focus on New Zealand first of course!
Anyway, looking forward to getting things underway and with the project team engaging with CSA and others as we progress this.
Regards,
Paul Matthews BSc, MNZCS ITCP
Chief Executive
Phone: +64 4 473 1043 | Mobile: +64 21 705 212 | Twitter: @nzcspaul
L24, Grand Plimmer Towers, Gilmore Tce, Wellington
Visit us online at www.nzcs.org.nz
Independent ICT Professional Certification is HERE! Check out www.itcp.co.nz to find out more about ITCP - Information Technology Certified Professional. Just one more way NZCS is advancing the ICT profession in New Zealand.
Rizwan
Cloudsecurityalliance nz
--
Rizwan Ahmad (Ryu taichi)
Paul Matthews (NZCS)
Thanks Rizwan,
I’ll make this my last email tonight as I’m acutely aware of not wanting to bombard everyone’s inbox, however I just wanted to reply and say you’re absolutely spot on and have highlighted one of the key drivers to the development of this project.
There’s a massive opportunity for New Zealand and our industry to deliver on the world stage, now more than ever before. However this is also driven by a need to ensure that we’re seen globally as a country that is safe to deal with and that has standards and safeguards in place.
It won’t do it on its own, but alongside privacy law, quality providers, innovation and security (political as much as technical) this Code, if researched and implemented correctly, will serve to show that New Zealand is serious about good practice and standards in the Cloud space.
Anyway, thanks again for your comments and goodnight for now!
Regards,
Paul Matthews BSc, MNZCS ITCP
Chief Executive
Phone: +64 4 473 1043 | Mobile: +64 21 705 212 | Twitter: @nzcspaul
L24, Grand Plimmer Towers, Gilmore Tce, Wellington
Visit us online at www.nzcs.org.nz
Independent ICT Professional Certification is HERE! Check out www.itcp.co.nz to find out more about ITCP - Information Technology Certified Professional. Just one more way NZCS is advancing the ICT profession in New Zealand.
From: nzclo...@googlegroups.com [mailto:nzclo...@googlegroups.com] On Behalf Of Rizwan Ahmad (Ryu taichi)
Sent: Thursday, September 29, 2011 11:18 PM
To: nzclo...@googlegroups.com
Kevin Prince
From my perspective I see there are a multiplicity of layers that need to be considered. Firstly there is the actual physical location in which the data and applications are held, then there are the security implications of that, the service and maintenance implications and finally the client access to the data.
I am happy that the first three are adequately covered by those who work in this area and must be transparent to the end-user. That is where I have a particular interest - if the moving of services to the cloud results in client Applications that are inaccessible or of inadequate usability then this is a major disadvantage top employees with assistive technology. For example, and it is I believe improving, early versions of Google docs looked visually like a local word processing application but keystroke access was severely limited and confusing (if you typed CTRL F to get to the file menu you, quite rightly, got the browser's file menu). Those of us on this list can understand the distinction and why that would be but Johnny-user doesn't.
Am I correct in expecting that the proposed TOR include this holistic approach?
Kevin Prince
Manager, Innovation and Development
Access, Innovation & Enterprise
Royal New Zealand Foundation of the Blind
Te Tuāpāpā o te Hunga Kāpō o Aotearoa
96 Bristol St
Christchurch
Phone: +64-3-375-4333
Fax: +64-3-355-9151
Mobile: +64-27-245-6687
For Adaptive Technology Helpdesk enquiries: call 0800-24-33-33
Website: http://www.rnzfb.org.nz
-----Original Message-----
From: nzclo...@googlegroups.com [mailto:nzclo...@googlegroups.com] On Behalf Of Rizwan Ahmad, Director, Cloud Security Alliance NZ
Sent: Thursday, 29 September 2011 10:44 p.m.
To: NZ Cloud Computing Code of Practice Reference Group
Rizwan
Cloudsecurityalliance nz
--
You received this message because you are subscribed to the Google Groups "NZ Cloud Computing Code of Practice Reference Group" group.
To post to this group, send email to nzclo...@googlegroups.com.
To unsubscribe from this group, send email to nzcloudcode...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nzcloudcode?hl=en.
Join us to Bake a Difference for Blind Week
Visit www.bakeadifference.org.nz or make a donation today
Blind Week 25-31 October 2011
#####################################################################################
This email, including any attachments, is intended solely for the addressee(s).
It is confidential and may be legally privileged. If you are not the intended recipient,
you must not copy, disclose, distribute or otherwise use it or the information in it.
Please notify the sender at once and delete it from your system immediately.
Any views or opinions expressed are solely those of the author and do not necessarily
represent those of the Royal New Zealand Foundation of the Blind. The Foundation does not
accept responsibility for any viruses or other malicious code that may be transmitted with this email.
#####################################################################################
Please consider the environment before printing this e-mail
Mark Rees
From a Microsoft standpoint looking at work like that which has already been done by bodies like CSA is an essential first step. If existing work can be well understood and supported for endorsement in New Zealand by cloud service providers and their customers that will be a positive step towards a consistency and quality of information, as well as harmonisation with the work that is going on around the world.
The harmonisation aspect is important not only for multinationals like Microsoft, but also for domestic suppliers who are either selling to multinationals in New Zealand, or exporting. That's why we've strongly supported the principle at the initial meeting that we should be careful not to re-invent the wheel, and only to make adjustments if they are absolutely necessary. At first blush is seems unlikely that the technical or policy issues will be different enough in New Zealand to demand a unique approach, but that is a task of the working group to examine in more depth.
Given the depth of work that has been done elsewhere it's unlikely that the work product will require an "owner", and to achieve broad recognition we think it's important that neither the process nor the outcome should be viewed as being proprietary to any one body or organisation.
We would also support Kevin's request for looking at accessibility issues for SAAS applications.
Mark
--
Dr Mark Rees | National Technology Officer | Microsoft New Zealand | 021 955 129