Skip to main content

Business changes from the cloud plan

Cloud plans affect most parts of organisations. It’s important to update the affected policies, classify information properly and, if needed, form a cloud adoption team.

Existing policies affected by your cloud plan

Your organisation’s cloud plan might impact:

  • codes of conduct in human resources
  • assurance and risk management frameworks
  • internet and social media policies
  • information security policies
  • bring-your-own-device (BYOD) and cloud computing policies — including policies for working remotely
  • acceptable use policies
  • frameworks and models for enterprise architecture.

Update existing policies using your cloud plan

Your cloud plan helps your organisation to have a strategy instead of being reactive to public cloud services.

In the same way, update your organisation’s other policies to be strategic instead of reactive. They should fit with the approach in your cloud plan.

Current approach to public cloud

To get to a point of maturity with using public cloud services, see how good your organisation is at:

Strong, partnership approach to public cloud

When your organisation strengthens its approach to public cloud services, you can move your information technology (IT) and security teams towards partnership approaches with business units.

Being close to the work and business needs, people in business units look for solutions that help. By listening to business units’ insights, IT and security teams can proactively seek out new public cloud services that meet the needs of 1 or more of the business units.

Train your people to classify information

This is a must-have for respectfully and responsibly using information for the NZ government and New Zealanders. Properly classifying information should already be actively done in the day-to-day life of your organisation.

To safely use public cloud services in your organisation, you need to know how to apply the Government Security Classification System.

Classify information

Importance of classifying information

Train your people to make wise decisions about classifying information. This affects your approach to security controls in public cloud services — such as setting up a meeting using video conferencing software.

Example of UNCLASSIFIED and IN-CONFIDENCE information in a video conference

Let your people use their judgement to decide when to:

  • allow guests, or lock down the meeting to internal staff because it may contain sensitive information
  • send out a link that allows anyone to join the meeting, or a link that asks for a login and password to prevent unknown people from joining.
Example of SENSITIVE and RESTRICTED information in a video conference

Set the security configurations so that certain features are turned off.

Form a cloud adoption team

As part of your cloud plan, it might make sense for your organisation to create a team for adopting public cloud services. The team works best by having members from different roles within your organisation, such as:

  • risk and security
  • information technology — for example, enterprise architects
  • finance
  • human resources
  • legal
  • procurement.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated