Your browser currently has JavaScript turned off, which means that Digital.govt.nz might not display properly on your device. It's easy to turn JavaScript on - find out how to enable JavaScript in your browser.

Business changes from the cloud plan

Cloud plans affect most parts of organisations. It’s important to update the affected policies, classify information properly and, if needed, form a cloud adoption team.

Existing policies affected by your cloud plan

Your organisation’s cloud plan might impact:

codes of conduct in human resources
assurance and risk management frameworks
internet and social media policies
information security policies
bring-your-own-device (BYOD) and cloud computing policies — including policies for working remotely
acceptable use policies
frameworks and models for enterprise architecture.

Update existing policies using your cloud plan

Your cloud plan helps your organisation to have a strategy instead of being reactive to public cloud services.

In the same way, update your organisation’s other policies to be strategic instead of reactive. They should fit with the approach in your cloud plan.

Current approach to public cloud

To get to a point of maturity with using public cloud services, see how good your organisation is at:

Strong, partnership approach to public cloud

When your organisation strengthens its approach to public cloud services, you can move your information technology (IT) and security teams towards partnership approaches with business units.

Being close to the work and business needs, people in business units look for solutions that help. By listening to business units’ insights, IT and security teams can proactively seek out new public cloud services that meet the needs of 1 or more of the business units.

Train your people to classify information

This is a must-have for respectfully and responsibly using information for the NZ government and New Zealanders. Properly classifying information should already be actively done in the day-to-day life of your organisation.

To safely use public cloud services in your organisation, you need to know how to apply the Government Security Classification System.

Classify information

Importance of classifying information

Train your people to make wise decisions about classifying information. This affects your approach to security controls in public cloud services — such as setting up a meeting using video conferencing software.

Example of UNCLASSIFIED and IN-CONFIDENCE information in a video conference

Let your people use their judgement to decide when to:

allow guests, or lock down the meeting to internal staff because it may contain sensitive information
send out a link that allows anyone to join the meeting, or a link that asks for a login and password to prevent unknown people from joining.

Example of SENSITIVE and RESTRICTED information in a video conference

Set the security configurations so that certain features are turned off.

Form a cloud adoption team

As part of your cloud plan, it might make sense for your organisation to create a team for adopting public cloud services. The team works best by having members from different roles within your organisation, such as:

risk and security
information technology — for example, enterprise architects
finance
human resources
legal
procurement.

JavaScript is currently turned off in your browser — this means you cannot submit the feedback form. It's easy to turn on JavaScript — Learn how to turn on JavaScript in your web browser.

If you're unable to turn on JavaScript — email your feedback to govt.nz@dia.govt.nz .

Was this page helpful?

Yes No Partly

Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

What did you come here to do?

How can we improve this information?

Last updated 10 October 2022