Risks assessments before using public cloud services
When and how to assess the risks of using public cloud services — including who approves it, sending certain risk documents to the Government Chief Digital Officer (GCDO) and using your risk assessment.
-
When to assess the risks of using a public cloud service
You need to assess risks when looking for or starting to use services — and when there are significant changes or new risks.
-
Assess the risks of using a public cloud service
Complete your risk assessment — to help with this, use your answers to the relevant questions in the tool for public cloud services.
-
Check who can approve the risk level
See your organisation’s policies to know who is authorised to accept risk at each level for an information system.
-
Send your risk documents to the GCDO
Send your completed questions from the risk assessment tool and signed endorsement form to the Government Chief Digital Officer (GCDO).
-
Use your risk assessment
Update your organisation’s risk registers and schedule future reviews of your information’s risks and security controls.
-
Tips for right-sizing your risk assessment
Match your time and effort on risk assessments to the information’s risk and value — here’s why and how.