How vendors fill in the risk discovery tool for public cloud services
Vendors of public cloud services need to complete certain questions in the risk discovery tool created by the Government Chief Digital Officer (GCDO).
Risk discovery tool for public cloud
When government organisations are planning to use a public cloud service, they need to use the GCDO’s tool to help them discover and record information needed to do the risk assessment.
Some of these questions need to be answered by the vendor — also called a service provider or supplier.
Consider joining Pae Hokohoko Marketplace
The questions in the risk discovery tool are also required when joining Marketplace as a supplier.
Becoming a supplier on Marketplace helps government organisations discover and procure your services.
Which questions to fill in
You can see which questions vendors need to complete in the:
Ways to record your answers
Vendors can record their answers to the questions in the tool in either:
- the risk discovery tool for public cloud services
- their own document for recording them.
Example — Microsoft’s response
You can see how Microsoft answered the questions in their own document for recording them.
If your service is built using another provider’s services
You need to answer the questions for your service, and send or refer to the third-party provider’s answers to the same questions.
Example — sending your answers and the third-party provider’s
Your company has built a service on top of, and using components of, a third-party provider’s services.
Send the government organisation looking to use your service:
- your answers
- the third-party provider’s answers.
Contract clauses should allow your answers to the questions to be shared within the New Zealand public sector.