Risk discovery tool for public cloud services
The risk discovery tool has 2 stages with steps to help you identify risks and security controls to consider when using a public cloud service.
Download the risk discovery tool
Help with the tool
To help with using the risk discovery tool, the Government Chief Digital Officer has:
- guidance — risk discovery tool for public cloud
- unsorted questions — risk discovery for public cloud.
The tool itself is not a risk assessment — it helps you discover and record the information needed to do a risk assessment.
If you were in the middle of using the previous tool, contact firstname.lastname@example.org.
Stages and steps to follow
Use the risk discovery tool to help make cloud-adoption decisions for your organisation.
Security requirements — stage 1
Fill in the worksheets for:
- business context
- screening questions.
View the reports for generic:
These reports also help if you’re still trying to find a public cloud service that fits your situation.
Detailed security controls — stage 2
Answer the questions for the:
- agency — government organisation
- service provider.
Review the report for gaps in security controls
The report lists other generic controls worth considering for a public cloud service when you’re following your organisation’s risk assessment process.
It’s not a complete list, but it gives you a strong base to build on. Always consider the risks related to your business context and the information you’re using.
Next step — use this information to help with your risk assessment
Public cloud services are no different from other information technology systems — you must assess the risk first. Continue working on your organisation’s risk assessment of the public cloud service.