AGIMO DRAFT REPORT ON CLOUD SERVICE PROVIDER CERTIFICATION REQUIREMENTS. AIIA Response

Size: px
Start display at page:

Download "AGIMO DRAFT REPORT ON CLOUD SERVICE PROVIDER CERTIFICATION REQUIREMENTS. AIIA Response"

Transcription

1 AGIMO DRAFT REPORT ON CLOUD SERVICE PROVIDER CERTIFICATION REQUIREMENTS AIIA Response 10 February 2013

2 INTRODUCTION AIIA welcomes the opportunity to provide comment on AGIMO s draft report on cloud service provider certification requirements. AIIA Cloud Special Interest Group, chaired by Fujitsu, has reviewed the draft and provided some comprehensive feedback. Individual members may also respond to AGIMO in their own right. The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic suppliers and providers of a wide range of information technology and communications (ICT) products and services. We represent over 400 member organisations nationally, including global brands such as Apple, EMC, Fujitsu, Google, HP, IBM, Intel, Microsoft and Oracle; international companies including Telstra; national companies including Data#3, SMS Management and Technology, Technology One and Oakton Limited; and a large number of ICT SME s. SUMMARY FEEDBACK When setting objectives to encourage the uptake of cloud, government should orientate policies towards where industry will be five years from now, to ensure they remain appropriate in what is a challenging and fast moving environment. We understand Government is challenged to make the right decisions in this fast moving environment. Policy makers must be careful to intervene only where there is a clear opportunity to add value and address future market failure this is particularly true of cloud computing because of its dynamic and evolving nature. AIIA recommends AGMIO engage with equivalent state based government groups who are embarking on similar initiatives. Ensuring a national approach to assurance / certification will reduce duplication and costs and support harmonization with global markets. As cloud relies on economies of scale, service providers who make the investment for any certification would prefer to be then able to address a national market at least and prospectively also global markets. If the Commonwealth Government develops a unique certification requirement then the full benefits of cloud may not eventuate for all. An example is the recent NSW Government announcement attached. AIIA considers that the proposed approach which places emphasis on local standards, restrictions and government mandated limitations is significantly at odds with the adaptive, market-supportive strategy outlined by the Department of Broadband, Communications & the Digital Economy. Page 2 of 12

3 We congratulate the Government on its continuing efforts to secure efficiencies in the assessment and procurement of cloud computing offerings for use by departments and agencies. However, the proposed two stage process outlined in the draft report raises a number of significant and fundamental concerns for industry which are summarised below: 1. The five options considered in the draft do not in our view represent a comprehensive or complete range of the possibilities open to government. AIIA has proposed an alternative option that we believe addresses the needs of government whilst not unduly restricting nascent cloud services. 2. AIIA considers that the proposed strategy, based fundamentally on certification that aims to centralise and automate the process of managing cloud risk, is ill advised at this early stage of market development. The consequence for government of the proposed approach will be unnecessary limitation in the range of services available, additional cost and burden on cloud service providers. 3. Applying certification requirements to DCaaS offerings would impose an additional cost burden on all service providers, lower the potential economic viability of an already marginal business thereby reducing the number of potential market participants and represent an unwise first target for accreditation or baseline model for a future framework. 4. The proposed approach is inconsistent with the inherent dynamics of cloud service provision and consumption, which require both more sophisticated risk management frameworks on the consumer side as well as greater understanding of local requirements and commercial adaptation to the local market on the provider side. AIIA suggests a pathway for both sides to learn from each other in developing a mutually beneficial framework. The Commercial Service Provider Assurance Framework (CSPAF) referenced appears to address a separate and very specific government to citizen use-case that may or may not even be delivered as a cloud based service. AIIA views it having limited relevance for AGIMO s proposed scenario. Our view is that extending the restrictive CSPAF as proposed would result in an unworkable means of compliance for the IT industry and deny agencies the broadest contestable market. The approach that AIIA proposes as an alternative way forward is quite simple: i) In the short term, establish a working group that comprises representative local and global cloud providers, a representative sample of agencies that seek to procure and utilise cloud services along with key stakeholders from government including DSD and AGIMO. A possible charter for this working group is described later in the document. Page 3 of 12

4 ii) In the medium term, leverage the working group above and other resources to establish a framework that aligns Australian requirements and global practices. AIIA considers that the proposed approach which places emphasis on local standards, restrictions and government mandated limitations is significantly at odds with the adaptive, market-supportive strategy outlined by the Department of Broadband, Communications & the Digital Economy. We believe our alternative approach is more reflective of a genuine government-industry partnership as sought by Prime Minister Gillard in her speech at the Digital Economy Forum in October We believe it will maximise the benefit of perhaps the most significant advance in information technology for all of the Australian government, for business and for consumers. EXPANDED FEEDBACK Better approach required: Streamlining the evaluation process for a growing pool of cloud candidate offerings may have merits. Nevertheless we caution against an over-ambitious first attempt to apply prescriptive means of compliance against a highly diverse set of offerings that are not yet systematically or systemically described. Cloud computing has developed from the premise that standardisation coupled with scale (and hyperscale in some cases), can provide an economically attractive alternative means of sourcing IT requirements. Cloud computing offerings continue to develop apace addressing the current and emerging gamut of typical IT operations and business services within agencies. This evolution tends to confound simplistic risk categorisation based on a series of presently described prescriptive security requirements. We note that there is no indication in the document of the need to have a clear understanding of various cloud offerings and capabilities that would make it easier to perform a comparative evaluation. Certainly, AIIA sees the development of a consensus-agreed taxonomy or terminology for cloud services being of value. Members of the ICT industry have noted a similar desire amongst large commercial organisations to streamline the process of cloud selection and procurement especially by organisations in the financial services industry where risk management is a core business competency. In this sector the approach to cloud risk assessment has been conservative with the application of a case-by-case risk assessment of the many cloud proposals. In addition individual firms, together with the industry as a whole, have maintained a supporting, rolling review of assessments to identify logical groupings of services and risk patterns that can then be used to identify future opportunities for more streamlined assessment. Suggested action: We encourage AGIMO to consider a similar approach to that adopted in the financial services industry by following the Protective Security Policy Framework (PSPF) Page 4 of 12

5 requirements for agency risk management in respect of specific cloud proposals. We would further encourage AGIMO to take a lead role in harvesting learnings from these individual assessments across government to identify natural groupings or patterns of cloud risk that might be incorporated into some form of consolidate guidance. DCaaS is not an appropriate foundation: The DCaaS is a mechanism established to assess the feasibility of applying cloud computing to the long-tail problem of IT contracting where the market descriptively involves a high value by contract number but low individual and aggregate value of service provision. Although no specific numbers have been published to date, the IT industry is conscious that agency uptake has been low. This suggests that the mechanism remains unattractive to agencies at this point. Certainly the work involved to set up and operate such cloud offerings without any indication or commitment of agency demand and at a maximum price point of $80,000 already imposes severe economic limitations on suppliers. Consequently providers have had to make in good faith investment decisions to participate and the extent of market provision is yet to stabilise. We suggest that the additional burden of the type of certification implied in the draft would further erode the viability of the DCaaS rather than enhance it. The UK G-Cloud initiative pursues a similar objective and has already developed a certification program to underpin this App store approach. However as outlined in a study paper by Queen Mary University of London School of Law 1, it has already become clear that a significant cost and resource burden challenges suppliers contemplating selling under this regime. DCaaS has a defined narrow scope specific to a particularly IT-centric scenario. It does not provide a solid foundation for a framework to evaluate such divergent cloud services as citizen-relationship management, or social networking within the enterprise. Extending scope of CSPAF ill-advised: The Commercial Service Provider Assurance Framework (CSPAF) addresses a very specific use case - citizens using government services in a particular scenario around authentication and secure mailbox. Our understanding is that it was not constructed to address the circumstances of government using cloud in support of its own broader technology requirements. The actors and transactions and hence the risk profiles of cloud scenarios are likely to diverge very widely from this narrow use case. 1 Queen Mary University of London, School of Law, Legal Studies Research Paper No 115/2012 UK G-Cloud v1 and the impact on cloud contracts. W Kuan Hon; Christopher Millard; Ian Walden Page 5 of 12

6 For this reason we believe that the CSPAF is unsuitable for application to cloud accreditation for the purpose envisioned by AGIMO. In particular, we refer to the following key challenges with this proposed approach: i. The CSPAF s definitions of Digital Mailbox and Digital Vault embrace the specific requirements of a personal vault concept and would not suitably reflect the broad range of cloud service descriptions likely to interest government agencies. ii. The identity component of the CSPAF is based on references to early works in progress and does not represent a fully developed basis on which to support any accreditation scheme. The DVS, for instance, is currently a government runway to validate the authenticity of a paper-based ID credential and only lightly utilised within government. The National Trusted Identities Framework (NTIF), although a welcome initiative with considerable merit, is currently at the early exploratory stages of development and lacks a formal work stream. Additionally, the NTIF proposes an approach to claims-based ID that runs counter to the remainder of the ID and security approach in the CSPAF thereby establishing an apparent internal consistency. iii. Encryption requiring Public Key Infrastructure (PKI) must comply with Australianspecific Gatekeeper requirements which not only precludes any global IT cloud vendors from providing services involving PKI but also encumbers local providers with a significant cost burden. iv. No commercial model reflecting the cost of ID provisioned and risk apportionment for the operation of such an Assurance framework has been articulated and therefore its viability and the potential imposts for stakeholders are unknowable at this point. v. We provide additional detailed, line item feedback in Appendix 1 at the end of this document and refer the reader to this for specific details. A PROPOSED ALTERNATIVE APPROACH AIIA does not consider that the options presented in the draft paper represent a complete articulation of the possible range of approaches, nor do we consider the proposed preferred option of extending the DCaaS MUL or the CSP Assurance Framework is the right course for the Australian government to take. We would however like to suggest a possible alternative approach based on a set of principles that can enable a consistent evaluation of cloud service options. Start with principles as a basis We suggest that any framework to facilitate evaluation and adoption of cloud services by government agencies should be founded on a set of core principles, including: Page 6 of 12

7 1. Assume a collaborative approach. Collaboration between industry and government including user-agency representatives will be critical to ensure that the benefits and risk of cloud based IT service delivery is maximised for government and the stakeholders of government 2. Least possible infringement on innovation and choice: Cloud computing services are an emerging industry that offers tremendous potential benefit for government. It incorporates a wide variety of services, mechanisms for delivery, underlying technologies and commercial models. Any artificial limitations imposed through policy or regulation will inhibit necessary market innovation on one hand, and lessen the compelling value of cloud services on the other. 3. Standardisation where applied, should be globally relevant not locally biased: To secure maximum efficiency and resilience, cloud services are often standardised at a global level, even if delivered from a local data centre. Where possible, any unique requirements should be identified in a way that enables separate use cases to be isolated and accommodated without impacting the benefits of broader standardisation. Introducing unique local regulations or requirements will diminish the potential for a wide range of cloud providers to offer services locally. For Australian based cloud service providers, Australian-specific requirements may in the short term help restrict competition, but in the long term will hamper their ability to compete in an increasingly global market. 4. High standards of business conduct and demonstrated openness are paramount: Many of the operational, security, privacy and commercial protections of a cloud service consumer are embodied in commercial contracts and the business practices of the cloud provider. Transparency and accountability in these practices is essential and cloud providers should be prepared to table their practices in an open way that encourages scrutiny. The Cloud Security Alliance STAR registry is a positive example. 5. Security controls should be appropriate to cloud services and proportional to the risk: Traditional security controls and frameworks such as the Federal Information Security Manual are premised on agencies having direct control over the technology and controls supporting a particular IT service. These prescriptive approaches do not translate well into the circumstances of multi-tenancy, virtualisation and georedundancy that are features of cloud services. Achieving the right level of security protection in cloud services requires different types and mechanisms of control than Page 7 of 12

8 would be expected for an on-premise or hosted system. It is not possible to sensibly apply many of the controls with the ISM to a cloud service. 6. Treat assessment holistically. Certification and assurance should advance from a sound understanding of the stakeholders, assets and transactions. Risk should be apportioned and addressed by the entities most able to address it. Instantiate a framework embracing stakeholders, assets and risk The framework approach outlined in the Service Provider Certification Requirements for Australian Government (SPCR) and the Commercial Service Provider Assurance Framework (CSPAF) attempts to outline a set of prescriptive must haves rather than setting out a clear way of understanding the stakeholders, their relationship and responsibilities to each other, the information, and the risk associated with their interaction. An alternative model would look to bring together the three groups of stakeholders that each brings their perspective to a cloud option: 1: Government Protective security frameworks, such as the Business Impact Level models defining impact characteristics of information assets Sundry policies and constraints determining the boundaries of acceptable risk. 2: An agency cloud acquirer A set of business capability requirements A budget 3: Cloud computing vendor A prescribed set of offerings (service descriptions) A set of contractual undertakings A set of controls implementing these undertakings Possible 3 rd party attestations of performance against them Viewing the decision making more holistically like this will then enable AGIMO to describe the outcomes required, the limitations or parameters imposed by various government and related requirements and set the boundaries for a more targeted, streamlined risk assessment process. Page 8 of 12

9 Build out a clear risk evaluation path and process for agencies Industry accepts that government agencies need assistance to assess and evaluate cloud options and to assure themselves of an adequate level of security and operational reliability. It is therefore proposed that the following course of action be adopted: 1. In the short term, establish a working group that comprises representative local and global cloud providers, a representative sample of agencies that seek to procure and utilise cloud services along with key stakeholders from government including DSD and AGIMO. The charter of this working group would be to establish: a. Consensus principles of a framework that would enable government to more effectively and efficiently evaluate and risk assess cloud service options, while enabling the nascent cloud industry to develop, adapt and innovate b. Support the creation of risk management guidance and resources for the comparative evaluation of alternative cloud solutions, perhaps to include consensus agreed terminologies, taxonomies and evaluation templates. A set of evaluation guides based on a risk management approach could be developed by AGIMO together with the working group to help agencies interpret the relative merits of different cloud services and specifically assess issues like security, standards support, privacy protections, contractual processes, etc. c. It may be feasible to develop a standard format by which providers of cloud services can document the services that they provide to a minimal level of depth. This description could be comprehensive and document the types of services offered, operating models, security frameworks, privacy and data protection controls, etc. Importantly, it could detail whether specific international standards or frameworks are complied with such as ISO 27001, Cloud Security Alliance, etc. The government need not establish any formal registry as such, but it should be understood by the cloud provider industry that agencies or AGIMO may request the description documents during an evaluation or informal assessment of options. d. The group would build upon the Business Impact Level concept and other mechanisms from the PSPF to establish appropriate guidance for risk which would then inform subsequent candidate risk analysis. The DSD Cloud Computing Considerations could be reviewed to move beyond their quite narrow and restrictive beginnings. It is understood that the DSD guidance at present is built from a foundation of highest sensitivity to risk with an assumption of control over the physical and logical implementations. They may be appropriate for BIL levels 3+, but guidance for BIL 1-2 at the very least, should be developed with the working group. Page 9 of 12

10 2. In the medium term, leverage the working group above and other resources to establish a framework that aligns Australian requirements and global practices. In the end, the most efficient and effective outcome for Australian government will come about if this alignment exists. Local standards, local restrictions, local procurement nuances will only serve to increase the costs to government, limit the range of available choices and diminish the opportunities of local cloud service providers in the global market. Already the global market has coalesced around ISO standards and the Cloud Security Alliance. Australia s international allies have progressed cloud evaluations against mechanisms like Impact Levels in the UK and FedRAMP in the US. For Australia to invent a new framework would be counterproductive. Page 10 of 12

11 APPENDIX 1: Additional detailed feedback on specific line items. A review of both the Service Provider Certification Requirements for Australian Government (SPCR) together with Commercial Service Provider Assurance Framework (CSPAF) to which the former references has identified a number of inconsistencies. We have provided some examples below which, although not exhaustive, do indicate that the work stream requires considerable work. In referencing Business Impact Levels (BILs) in Attachment 3, The SPCS provides for a BIL 0. However, the formal description of these levels in the Attorney Generals public document of 21 June 2011 titled Protective security governance guidelines - Business impact levels makes no such reference. Page 8 of CSPAF describes requirements for Information Security Management Systems for LOA 1 and references requirements for DSD Cloud Computing Considerations as a baseline and the DSD Top Neither of these documents is actually control frameworks but rather guidance or discussion papers intended to precede a fuller risk analysis. Together with this DSD guidance, Page 8 of CSPAF for LOA 1 demands the requirement for documented Security Risk Management Plan including mitigation strategies. This presumably follows the Protective Security policy Framework (PSPF) requirement that agency heads ensure Risk Management principles are comprehensively applied within their agencies. However, if this is deemed necessary at the lowest LOA level, would it not be logical to subject all such cloud options to a snapshot Cloud Risk Assessment rather than trying to prematurely encapsulate the risk profile within an accreditation for a particular offering. The approach appears inconsistent. This would enable any risk to be identified formally, appropriate mitigations agreed and any necessary controls formalised with suppliers in a fully auditable way. These could later be formalised as natural patterns amongst cloud use emerge over time. Page 8 of CSPAF calls for I-RAP assessment for LOA 2. Cloud computing delivered by a supplier with infrastructure based outside Australia or even having infrastructure within Australia but servicing other geographies - either in a primary or failover capacity - would be unable to practically conform to this requirement. The multi- 2 Page 11 of 12

12 tenancy nature of cloud computing both at the infrastructure and the application layers means that it would be untenable for customer-led audits to be performed. For this reason many cloud providers have provided for third party yearly audits and made the results of these available publically. Given the market is already offering this form of attestation, would it not make more sense to cross recognise between government requirements and these? Page 8 of CSPAF demands encryption at rest as a base requirement for the lowest level LOA 1. In requiring encryption at this low risk level, government is imposing considerable cost burden to suppliers, and considerably narrowing the field of candidate suppliers and offerings which will tend to obviate the value of cloud as a service model. Additionally, the requirement for encryption at rest does not appear to recognise the need for complex key management in order to ensure any benefit and the cost and performance imposts this makes. Nor does it address the need for applications to operate on such encrypted data and hence the challenges of managing the trust chain in any processes involved together with attendant key management. Page 12 of 12

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA ACS CLOUD COMPUTING CONSUMER PROTOCOL Response from AIIA AUGUST 2013 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic

More information

Cloud Computing in the Victorian Public Sector

Cloud Computing in the Victorian Public Sector Cloud Computing in the Victorian Public Sector AIIA response July 2015 39 Torrens St Braddon ACT 2612 Australia T 61 2 6281 9400 E info@aiia.com.au W www.aiia.comau Page 1 of 9 17 July 2015 Contents 1.

More information

THE AUSTRALIAN PUBLIC SERVICE BIG DATA STRATEGY. Comments from AIIA

THE AUSTRALIAN PUBLIC SERVICE BIG DATA STRATEGY. Comments from AIIA THE AUSTRALIAN PUBLIC SERVICE BIG DATA STRATEGY Comments from AIIA JULY 2013 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and

More information

GEMS Regulator Performance Framework Metrics

GEMS Regulator Performance Framework Metrics GEMS Regulator Performance Framework Metrics AIIA response June 2015 Ground Suite B 7-11 Barry Drive Turner ACT 2612 GPO Box 573 Canberra ACT 2601 T 61 2 6281 9400 E info@aiia.com.au W www.aiia.comau About

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

National Cloud Computing Strategy

National Cloud Computing Strategy National Cloud Computing Strategy DBCDE DRAFT DISCUSSION PAPER AIIA Response 21 DECEMBER 2012 INTRODUCTION The Australian Information Industry Association (AIIA) welcomes the opportunity to provide comment

More information

NSW GOVERNMENT DRAFT ICT STRATEGY PLAN. AIIA Response

NSW GOVERNMENT DRAFT ICT STRATEGY PLAN. AIIA Response NSW GOVERNMENT DRAFT ICT STRATEGY PLAN AIIA Response 22 December 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing suppliers and providers

More information

AGIMO BIG DATA STRATEGY ISSUES PAPER. AIIA Response

AGIMO BIG DATA STRATEGY ISSUES PAPER. AIIA Response AGIMO BIG DATA STRATEGY ISSUES PAPER AIIA Response 5 APRIL 2013 2 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic suppliers

More information

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION 1. Introduction This document has been written for all those interested in the future approach for delivering ICT

More information

Electronic Health Records and Healthcare Identifiers: Legislation Discussion Paper

Electronic Health Records and Healthcare Identifiers: Legislation Discussion Paper Electronic Health Records and Healthcare Identifiers: Legislation Discussion Paper AIIA response July 2015 Ground Suite B 7-11 Barry Drive Turner ACT 2612 GPO Box 573 Canberra ACT 2601 T 61 2 6281 9400

More information

The Australian Public Service Big Data Strategy

The Australian Public Service Big Data Strategy The Australian Public Service Big Data Strategy Improved understanding through enhanced data-analytics capability AIIA response March 2014 Contact for this submission: Suzanne Roche 39 Torrens St Braddon

More information

IMPLEMENTATION OF LABOUR MARKET TESTING IN THE STANDARD TEMPORARY WORK (SKILLED) (SUBCLASS 457) VISA PROGRAM. Response from AIIA

IMPLEMENTATION OF LABOUR MARKET TESTING IN THE STANDARD TEMPORARY WORK (SKILLED) (SUBCLASS 457) VISA PROGRAM. Response from AIIA IMPLEMENTATION OF LABOUR MARKET TESTING IN THE STANDARD TEMPORARY WORK (SKILLED) (SUBCLASS 457) VISA PROGRAM Response from AIIA AUGUST 2013 INTRODUCTION The Australian Information Industry Association

More information

Rationale for a Cloud Services Framework

Rationale for a Cloud Services Framework Rationale for a Cloud Services Framework AIIA response to Draft Paper for Consultation January 2015 T 61 2 6281 9400 E W info@aiia.com.au www.aiia.comau About AIIA The Australian Information Industry Association

More information

Enhancing Online Safety for Children

Enhancing Online Safety for Children Enhancing Online Safety for Children Public consultation on key election commitments AIIA response March 2014 Contact for this submission: Sharon Kennard 39 Torrens St Braddon ACT 2612 Australia T 61 2

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013 AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper James Sankar, Alex Reid August 2013 AARNet, Australia's Academic and Research Network (AARNet) is the not- for- profit

More information

Cloud-Based ICT Services Checklist

Cloud-Based ICT Services Checklist Cloud-Based ICT Services Checklist Guideline A non-exhaustive list of considerations to be made when evaluating, purchasing, implementing and managing cloud-based ICT services. Keywords: Cloud-based ICT

More information

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 AIIA response to Bill and Explanatory Memorandum January 2015 T 61 2 6281 9400 E W info@aiia.com.au www.aiia.comau About

More information

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European

More information

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

Review of the Energy Savings Scheme. Position Paper

Review of the Energy Savings Scheme. Position Paper Review of the Energy Savings Scheme Position Paper October 2015 Contents Executive summary... 3 Energy Savings Scheme Review Report package... 3 Expanding to gas... 3 Target, penalties and duration...

More information

Australian National Audit Office. Report on Results of a Performance Audit of Contract Management Arrangements within the ANAO

Australian National Audit Office. Report on Results of a Performance Audit of Contract Management Arrangements within the ANAO Australian National Audit Office Report on Results of a Performance Audit of Contract Management Arrangements within the ANAO Commonwealth of Australia 2002 ISBN 0 642 80678 0 10 December 2002 Dear Mr

More information

Australian Government Cloud Computing Policy

Australian Government Cloud Computing Policy Australian Government Cloud Computing Policy Maximising the Value of Cloud VERSION 2.0 MAY 2013 AGIMO is part of the Department of Finance and Deregulation Contents Foreword 3 Introduction 4 Australian

More information

Email Protective Marking Standard Implementation Guide for the Australian Government

Email Protective Marking Standard Implementation Guide for the Australian Government Email Protective Marking Standard Implementation Guide for the Australian Government May 2012 (V2012.1) Page 1 of 14 Disclaimer The Department of Finance and Deregulation (Finance) has prepared this document

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

Australian Government Cloud Computing Policy

Australian Government Cloud Computing Policy Australian Government Cloud Computing Policy Maximising the Value of Cloud VERSION 2.1 JULY 2013 AGIMO is part of the Department of Finance and Deregulation Contents Foreword 3 Introduction 4 Policy 5

More information

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Guide to the National Safety and Quality Health Service Standards for health service organisation boards Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian

More information

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015 NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

More information

Council of Australian Governments Business Advisory Forum Canberra, 6 December 2012 Communiqué

Council of Australian Governments Business Advisory Forum Canberra, 6 December 2012 Communiqué Council of Australian Governments Business Advisory Forum Canberra, 6 December 2012 Communiqué The second meeting of the Business Advisory Forum to the Council of Australian Governments (COAG), convened

More information

Submission on the draft National Primary Health Care Strategic Framework October 2012

Submission on the draft National Primary Health Care Strategic Framework October 2012 Submission on the draft National Primary Health Care Strategic Framework October 2012 Council of Social Service of NSW (NCOSS) 66 Albion Street, Surry Hills 2010 Ph: 02 9211 2599 Fax: 9281 1968 email:

More information

Berlin, 15 th November 2013. Mark Dunne SaaSAssurance

Berlin, 15 th November 2013. Mark Dunne SaaSAssurance Berlin, 15 th November 2013 Mark Dunne SaaSAssurance SaaSAssurance guidance to Irish Government on Cloud Adoption Who are SaaSAssurance? Diverse multilingual European team Focus on the here and now Digital

More information

UNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public. 2:51 Outsourced Offshore and Cloud Based Computing Arrangements

UNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public. 2:51 Outsourced Offshore and Cloud Based Computing Arrangements Defence Security Manual DSM Part 2:51 Outsourced Offshore and Cloud Based Computing Arrangements Version 1 ation date July 2105 Amendment list 23 Optimised for Screen; Print; Screen Reader Releasable to

More information

NSW Data & Information Custodianship Policy. June 2013 v1.0

NSW Data & Information Custodianship Policy. June 2013 v1.0 NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Some Specific Parawise Suggestinons. 2. An application which collects and analyzes this data for further consolidation and,

Some Specific Parawise Suggestinons. 2. An application which collects and analyzes this data for further consolidation and, Comments by Amcham India on draft Internet of Things (IoT) Policy released by the Department of Electronics & Information Technology (DeitY), on October 16, 2014 Standards The Draft IoT Policy already

More information

Appendix A: ICT and Information Management Strategy

Appendix A: ICT and Information Management Strategy Appendix A: ICT and Information Management 2014 2019 Head of Information and Business Change Sarah Caulkin October 2014 1 Version Control: Date Version Author Comments 04/08/14 0.1 Jo Harley First draft

More information

Government Cloud, Datacentre consolidation & Apps store development A perspective. Andy Macleod. Strategy and Policy Public Sector

Government Cloud, Datacentre consolidation & Apps store development A perspective. Andy Macleod. Strategy and Policy Public Sector Government Cloud, Datacentre consolidation & Apps store development A perspective Andy Macleod Strategy and Policy Public Sector Disclaimer This information is sourced from previous presentations by the

More information

WHOLE-OF- GOVERNMENT DATA CENTRES STRATEGY. INDUSTRY BEST PRACTICE PRINCIPLES. AIIA Comments

WHOLE-OF- GOVERNMENT DATA CENTRES STRATEGY. INDUSTRY BEST PRACTICE PRINCIPLES. AIIA Comments WHOLE-OF- GOVERNMENT DATA CENTRES STRATEGY. INDUSTRY BEST PRACTICE PRINCIPLES AIIA Comments 29 May 2010 OBJECTIVES AIIA recognises the Federal government has a need at a whole of government level for resilient,

More information

Supplier Assurance Framework Good Practice Guide

Supplier Assurance Framework Good Practice Guide Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT

More information

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond

More information

Chapter 2. Key issues and committee view

Chapter 2. Key issues and committee view Chapter 2 Key issues and committee view 2.1 The submissions received by the inquiry overwhelmingly supported the establishment of the ASBFE Ombudsman position, and its proposed role of supporting small

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Cloud Procurement Discussion Paper. For Comment

Cloud Procurement Discussion Paper. For Comment Cloud Procurement Discussion Paper For Comment AUGUST 2014 Acronyms Acronym AGIMO ASD DCaaS MUL IaaS NIST PaaS RFT SaaS SCS Definition Australian Government Information Management Office Australian Signals

More information

Development Proposal. Company Name Pty Ltd

Development Proposal. Company Name Pty Ltd Development Proposal Company Name Pty Ltd TITLE Government Community Cloud DATE 11 July 2011 Development Proposal UberGlobal CONTENTS UberGlobal White Paper: Government Community Cloud 3 Background 3 Perspective

More information

IRAP Policy and Procedures up to date as of 16 September 2014.

IRAP Policy and Procedures up to date as of 16 September 2014. Australian Signals Directorate Cyber and Information Security Division Information Security Registered Assessors Program Policy and Procedures 09/2014 IRAP Policy and Procedures 09/2014 1 IRAP Policy and

More information

Corporate Plan 2015-19

Corporate Plan 2015-19 Corporate Plan 2015-19 i ii Serving the Australian Parliament The DPS Corporate Plan 2015-2019 This corporate plan lays out the strategic direction for the Department of Parliamentary Services for the

More information

Data Communications Company (DCC) price control guidance: process and procedures

Data Communications Company (DCC) price control guidance: process and procedures Guidance document Contact: Tricia Quinn, Senior Economist Publication date: 27 July 2015 Team: Smarter Metering Email: tricia.quinn@ofgem.gov.uk Overview: The Data and Communications Company (DCC) is required

More information

ITCRA Response. Request for Submissions on the Draft Version of the APP Guideline Chapters A to D and 1 to 5 covering APPs 1 to 5

ITCRA Response. Request for Submissions on the Draft Version of the APP Guideline Chapters A to D and 1 to 5 covering APPs 1 to 5 ITCRA Response Request for Submissions on the Draft Version of the APP Guideline Chapters A to D and 1 to 5 covering APPs 1 to 5 To: The Office of the Australian Information Commission Submitted: 20th

More information

Hosted Desktop as a Service

Hosted Desktop as a Service Hosted Desktop as a Service Contents 1 Introduction to Hosted Desktop Service...2 2 Service Definition...3 2.1 Functionality & Features... 3 2.2 Administration... 4 2.3 Access Methods... 4 2.4 Service

More information

Joint ICT Service ICT Strategy 2014-17

Joint ICT Service ICT Strategy 2014-17 Document History Document Location This document is only valid on the day it was printed. The source of the document will be found in (see footer) Revision History Date of this revision: 19 th May 2014

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

White Paper on CAPS for PSD2. August 2015

White Paper on CAPS for PSD2. August 2015 White Paper on CAPS for PSD2 A White Paper on draft suggestions for the practical realisation of TPP access as described in the revised Payment Services Directive (PSD2) by adopting an open, optional Controlled

More information

AGIMO and whole-of-government ICT Policy

AGIMO and whole-of-government ICT Policy AGIMO and whole-of-government ICT Policy Overview DAMA Canberra July 2013 Meeting Brian Catto Andrew McGalliard James Woods ICT Policy Team AGIMO 1 Agenda Who are AGIMO? What is AGIMOs role? APS ICT Strategy

More information

Big Data Strategy Issues Paper

Big Data Strategy Issues Paper Big Data Strategy Issues Paper MARCH 2013 Contents 1. Introduction 3 1.1 Where are we now? 3 1.2 Why a big data strategy? 4 2. Opportunities for Australian Government agencies 5 2.1 What the future looks

More information

Cloud Computing Strategy. an addendum to the. Queensland Government. ICT Strategy 2013 17. Queensland Government

Cloud Computing Strategy. an addendum to the. Queensland Government. ICT Strategy 2013 17. Queensland Government Department of Science, Information Technology, Innovation and the Arts Queensland Government Cloud Computing Strategy an addendum to the Queensland Government ICT Strategy 2013 17 Supporting Queensland

More information

Rule change request. 18 September 2013

Rule change request. 18 September 2013 Reform of the distribution network pricing arrangements under the National Electricity Rules to provide better guidance for setting, and consulting on, cost-reflective distribution network pricing structures

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

NECA response to Industry Engagement in Training Package Development Towards a Contestable Model Discussion Paper

NECA response to Industry Engagement in Training Package Development Towards a Contestable Model Discussion Paper NECA response to Industry Engagement in Training Package Development Towards a Contestable Model Discussion Paper Prepared by: Suresh Manickam Date: 19 th December, 2014 NECA National Office 1 19 th December

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4

More information

Network Rail Infrastructure Projects Joint Relationship Management Plan

Network Rail Infrastructure Projects Joint Relationship Management Plan Network Rail Infrastructure Projects Joint Relationship Management Plan Project Title Project Number [ ] [ ] Revision: Date: Description: Author [ ] Approved on behalf of Network Rail Approved on behalf

More information

Managing Governments Shared Platforms Business Case

Managing Governments Shared Platforms Business Case Managing Governments Shared Platforms Business Case Version Control Version Date Edited By V1.0 17 March 2015 BDO 2 Managing Governments Shared Platforms - Business Case Executive Summary Harnessing the

More information

The Scottish Wide Area Network Programme

The Scottish Wide Area Network Programme The Scottish Wide Area Network Release: Issued Version: 1.0 Date: 16/03/2015 Author: Andy Williamson Manager Owner: Anne Moises SRO Client: Board Version: Issued 1.0 Page 1 of 8 16/04/2015 Document Location

More information

End user preferences for cloud suppliers

End user preferences for cloud suppliers End user preferences for cloud suppliers Claranet research programme For more information: claranet.co.uk - twitter.com/claranet To book an appointment or to discuss our cloud services: Call us: 0845 355

More information

REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 535 SESSION 2013-14 5 JULY 2013. Department for Culture, Media & Sport. The rural broadband programme

REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 535 SESSION 2013-14 5 JULY 2013. Department for Culture, Media & Sport. The rural broadband programme REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 535 SESSION 2013-14 5 JULY 2013 Department for Culture, Media & Sport The rural broadband programme 4 Key facts The rural broadband programme Key facts

More information

Guide to Integrated Strategic Asset Management

Guide to Integrated Strategic Asset Management Guide to Integrated Strategic Asset Management Issue date: 14 November 2011 Acknowledgements This guide is based on the Australasian Procurement and Construction Council Inc. s (APCC) publication, Asset

More information

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS Hong Kong Computer Society Room 1915, 19/F, China Merchants Tower, Shun Tak Centre, 168 Connaught Road Central, Hong Kong Tel: 2834 2228 Fax: 2834 3003 URL: http://www.hkcs.org.hk Email: hkcs@hkcs.org.hk

More information

Proposed Consequential and Conforming Amendments to Other ISAs

Proposed Consequential and Conforming Amendments to Other ISAs IFAC Board Exposure Draft November 2012 Comments due: March 14, 2013, 2013 International Standard on Auditing (ISA) 720 (Revised) The Auditor s Responsibilities Relating to Other Information in Documents

More information

Digital Continuity Plan

Digital Continuity Plan Digital Continuity Plan Ensuring that your business information remains accessible and usable for as long as it is needed Accessible and usable information Digital continuity Digital continuity is an approach

More information

University of Brighton Sustainable Procurement Strategy 2011-2015

University of Brighton Sustainable Procurement Strategy 2011-2015 University of Brighton Sustainable Procurement Strategy 2011-2015 Sustainable procurement in a challenging environment Introduction There is widespread recognition that climate change and the use of dwindling

More information

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014 Evidence guidelines Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD Publication date: January 2014 Supported by the Commonwealth Government

More information

Best Practice in Design of Public-Private Partnerships (PPPs) for Social Infrastructure, particularly in Health Care and Education

Best Practice in Design of Public-Private Partnerships (PPPs) for Social Infrastructure, particularly in Health Care and Education EMAIL contact@fosterinfrastructure.com WEB www.fosterinfrastructure.com Best Practice in Design of Public-Private Partnerships (PPPs) for Social Infrastructure, particularly in Health Care and Education

More information

Social impact assessment. Guideline to preparing a social impact management plan

Social impact assessment. Guideline to preparing a social impact management plan Social impact assessment Guideline to preparing a social impact management plan September 2010 Looking forward. Delivering now. The Department of Infrastructure and Planning leads a coordinated Queensland

More information

The Human Capital Management Systems Business Case A Checklist to assist agencies developing a business case

The Human Capital Management Systems Business Case A Checklist to assist agencies developing a business case The Human Capital Management Systems Business Case A Checklist to assist agencies developing a business case Final version for release Human Capital Management See more at psc.nsw.gov.au/hcm Index - Business

More information

Vocational Education and Training Reform Submission

Vocational Education and Training Reform Submission Vocational Education and Training Reform Submission Prepared by: Suresh Manickam Date: 23 rd July 2014 Page 1 NECA response to VET reform draft RTO standards As a lead player in the electrical training

More information

BOOSTING THE COMMERCIAL RETURNS FROM RESEARCH

BOOSTING THE COMMERCIAL RETURNS FROM RESEARCH BOOSTING THE COMMERCIAL RETURNS FROM RESEARCH Submission in response to the Discussion Paper November 2014 Page 1 ABOUT RESEARCH AUSTRALIA is an alliance of 160 members and supporters advocating for health

More information

MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS

MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS 3 THE USE OF BUSINESS SOFTWARE AND SPORTS ARE DEFINITELY QUITE SIMILAR; IF YOU WANT TO PLAY (USE THE SOFTWARE), YOU HAVE TO ACCEPT THE RULES. THIS INCLUDES

More information

The PMO as a Project Management Integrator, Innovator and Interventionist

The PMO as a Project Management Integrator, Innovator and Interventionist Article by Peter Mihailidis, Rad Miletich and Adel Khreich: Peter Mihailidis is an Associate Director with bluevisions, a project and program management consultancy based in Milsons Point in Sydney. Peter

More information

Data centre strategies for business growth in a hybrid cloud world

Data centre strategies for business growth in a hybrid cloud world Data centre strategies for business growth in a hybrid cloud world A joint report from Pacnet and CIO Custom Solutions Group October 2014 Introduction The data centre has become an integral part of the

More information

National Clinical Effectiveness Committee. Prioritisation and Quality Assurance Processes for National Clinical Audit. June 2015

National Clinical Effectiveness Committee. Prioritisation and Quality Assurance Processes for National Clinical Audit. June 2015 National Clinical Effectiveness Committee Prioritisation and Quality Assurance Processes for National Clinical Audit June 2015 0 P age Table of Contents Glossary of Terms... 2 Purpose of this prioritisation

More information

Tasmanian Property Management Planning Framework

Tasmanian Property Management Planning Framework Tasmanian Property Management Planning Framework Booklet 1 Foreword This information has been developed to provide an introductory explanation of the Tasmanian Property Management Planning Framework (PMPF).

More information

IRCA Briefing note ISO/IEC 20000-1: 2011

IRCA Briefing note ISO/IEC 20000-1: 2011 IRCA Briefing note ISO/IEC 20000-1: 2011 How to apply for and maintain Training Organization Approval and Training Course Certification IRCA 3000 Contents Introduction 3 Summary of the changes within ISO/IEC

More information

Remote Access Service (RAS)

Remote Access Service (RAS) Remote Access Service (RAS) Contents 1 Introduction to Remote Access Service...2 2 Service Definition...3 2.1 Functionality & Features... 3 2.2 Access Methods... 3 3 Differentiators...4 4 Commercials...5

More information

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing

More information

KCC Technology Strategy 2015-2018

KCC Technology Strategy 2015-2018 KCC Technology Strategy 2015-2018 Contents 1 Foreword... 3 2 Executive Summary... 4 3 Why a Technology Strategy... 6 4 Technology Roadmap and Key Initiatives 8 5 Self Service and Access... 11 6 Doing Things

More information

New Child Development Legislation, Legislation reform Discussion Paper No. 5 Submission from the AISSA

New Child Development Legislation, Legislation reform Discussion Paper No. 5 Submission from the AISSA New Child Development Legislation, Legislation reform Discussion Paper No. 5 Submission from the AISSA November, 2012 BACKGROUND The Association of Independent Schools of South Australia (AISSA) represents

More information

Queensland recordkeeping metadata standard and guideline

Queensland recordkeeping metadata standard and guideline Queensland recordkeeping metadata standard and guideline June 2012 Version 1.1 Queensland State Archives Department of Science, Information Technology, Innovation and the Arts Document details Security

More information

Victorian Government Risk Management Framework. March 2015

Victorian Government Risk Management Framework. March 2015 Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global

More information

Staying Connected. Hardship policy and program details. 1. Overview

Staying Connected. Hardship policy and program details. 1. Overview Staying Connected Hardship policy and program details 1. Overview Staying Connected is AGL s national hardship program. Launched in early 2003, the program was developed in consultation with AGL s Customer

More information

Procurement of Production and Post- Production Services in Australia

Procurement of Production and Post- Production Services in Australia Procurement of Production and Post- Production Services in Australia Introduction This document has been developed by The Communications Council in conjunction with the Commercial Producers Council subcommittee

More information

COMMONWEALTH GOVERNMENT RESPONSE TO THE PRODUCTIVITY COMMISSION INQUIRY: THE MARKET FOR RETAIL TENANCY LEASES IN AUSTRALIA

COMMONWEALTH GOVERNMENT RESPONSE TO THE PRODUCTIVITY COMMISSION INQUIRY: THE MARKET FOR RETAIL TENANCY LEASES IN AUSTRALIA COMMONWEALTH GOVERNMENT RESPONSE TO THE PRODUCTIVITY COMMISSION INQUIRY: THE MARKET FOR RETAIL TENANCY LEASES IN AUSTRALIA August 2008 SUMMARY 1. The former Treasurer asked the Productivity Commission

More information

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014 Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014 Chamber of Commerce and Industry of Western Australia (Inc) About CCI The Chamber

More information

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)

More information

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02) 8270 2218 Copyright in the material is owned by the State of New South Wales. Apart from any use as permitted under the Copyright Act 1968 and/or as explicitly permitted below, all other rights are reserved. You

More information

Draft guidelines and measures to improve ICT procurement. Survey results

Draft guidelines and measures to improve ICT procurement. Survey results Draft guidelines and measures to improve ICT procurement Survey results Europe Economics Chancery House 53-64 Chancery Lane London WC2A 1QU Tel: (+44) (0) 20 7831 4717 Fax: (+44) (0) 20 7831 4515 www.europe-economics.com

More information

Stakeholder category: NATIONAL NETWORK OF COMMUNITY SERVICE PROVIDERS

Stakeholder category: NATIONAL NETWORK OF COMMUNITY SERVICE PROVIDERS Name: Organisation: UNITING CARE AUSTRALIA Stakeholder category: NATIONAL NETWORK OF COMMUNITY SERVICE PROVIDERS State/Territory: ACT Contact email address: Response to Options Paper Department of Social

More information

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013 Undertaken by KPMG on behalf of Australian Commission on Safety and Quality in Health Care Contents

More information

2013-18 Business Plan. Executive Summary UK Shared Business Services Ltd

2013-18 Business Plan. Executive Summary UK Shared Business Services Ltd 2013-18 Business Plan Executive Summary UK Shared Business Services Ltd Published June 2013 Contents I Introduction 3 II Executive Summary 6 Introduction: Geared for Growth in the Service of our Customers

More information

6 Cloud strategy formation. 6.1 Towards cloud solutions

6 Cloud strategy formation. 6.1 Towards cloud solutions 6 Cloud strategy formation 6.1 Towards cloud solutions Based on the comprehensive set of information, collected and analysed during the strategic analysis process, the next step in cloud strategy formation

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

Quick Guide: Meeting ISO 55001 Requirements for Asset Management

Quick Guide: Meeting ISO 55001 Requirements for Asset Management Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get

More information