answer text |
<p>In order to establish the merits of storing government data with a contracted private
sector cloud company, departments should use the <a href="https://www.gov.uk/government/publications/technology-code-of-practice/technology-code-of-practice"
target="_blank">Technology Code of Practice </a>principles and follow the government
<a href="https://www.gov.uk/guidance/government-cloud-first-policy" target="_blank">Cloud
First policy</a>. Both of these policies provide clear guidelines of the things a
department should consider, recognising that there is not one single solution for
all departments.</p><p> </p><p>It is the responsibility of each government department
to take risk-based decisions about their use of cloud providers for the storage of
government data up to “OFFICIAL” level. When considering a commercial provider, departments
should take into account the cloud security principles developed by the National Cyber
Security Centre (<a href="https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles"
target="_blank">https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles</a>).</p><p>
</p><p>Finally, the solution must provide the best value for the taxpayer.</p>
|
|