ADOPTING CLOUD COMPUTING AS AN ICT DEPLOYMENT STRATEGY FOR DELIVERING SERVICES IN THE GOVERNMENT




MALACAÑANG PALACE
MANILA

BY THE PRESIDENT OF THE PHILIPPINES

ADMINISTRATIVE ORDER NO.

ADOPTING CLOUD COMPUTING AS AN ICT DEPLOYMENT STRATEGY FOR DELIVERING SERVICES IN THE GOVERNMENT

WHEREAS, Section 24, Article II of the 1987 Constitution provides that the State shall recognize the vital role of communication and information in nation-building;

WHEREAS, Section 2 (a) of EO 47 (s.2011) mandates ICTO to formulate, recommend and implement an appropriate policy and program framework that will promote the rapid development and improved global competitiveness of our country's information and communications technology industry through research and development and through effective linkages to industry;

WHEREAS, Section 2(b) of Executive Order (EO) No. 47 (s. 2011) mandates the Information and Communications Technology (ICT) Office, under the Department of Science and Technology (DOST), to provide an efficient information and communications technology infrastructure, information systems and resources to support an effective, transparent and accountable governance and, in particular, support the speedy enforcement of rules and delivery of accessible public services to the people;

WHEREAS, the government recognizes the need to utilize ICT to optimize asset utilization and reduce operating costs;

WHEREAS, the government acknowledges that cloud computing offers the most cost efficient, cost effective, robust and the quickest means to deploy, maintain, and upgrade ICT resources;

Section 1. GENERAL POLICY. All Departments, National Government Agencies and Government-Owned and Controlled-Corporations (GOCCs), including State Universities and Colleges (SUCs), are directed to adopt cloud computing as the preferred ICT deployment strategy for its own administrative use and delivery of government services, except (1) when no cloud computing deployment can meet the requirements of a government agency or (2) when it can be proven that an alternative ICT deployment strategy is more robust, cost effective, and as secure as a cloud computing deployment. Congress, Judiciary, Constitutional Commissions and all local government units are likewise encouraged to adopt cloud computing.

Section 2. DEFINITION OF TERMS
The definition of terms used in this Order shall be as follows:

2.1 CLOUD COMPUTING (or CLOUD SERVICES)
A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, software, applications, storage equipment and services) that can be rapidly provisioned and released with minimal management effort or service provider's interaction.

2.2 CLOUD INFRASTRUCTURE
The collection of hardware, software and other related goods and resources that enables the provision of cloud services.

2.3 COMMUNITY CLOUD
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

2.4 GOVERNMENT CLOUD OR GOVCLOUD
It is a facility established to host government online services.

2.5 HYBRID CLOUD
Deployment model of cloud computing using at least two different cloud deployment models.

2.6 INFRASTRUCTURE AS A SERVICE (IaaS)
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

2.7 PLATFORM-AS-A-SERVICE (PaaS)
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

2.8 PRIVATE CLOUD
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

2.9 PUBLIC CLOUD
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud services provider and/or its suppliers.

2.10 SOFTWARE-AS-A-SERVICE (SaaS)
The capability provided to the consumer is to use the cloud service provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

2.11 SERVICE LEVEL AGREEMENT
Documented agreement between the cloud service provider and cloud service customer that identifies services and cloud service level objectives.

Section 3. READINESS OF THE AGENCY
In order for a government institution to assess its readiness for cloud computing, the DOST-ICT Office shall define and implement the standards to determine the level of readiness of a government institution to adopt the use of cloud computing for its service delivery.

Section 4. GOVERNMENT CLOUD (GOVCLOUD)

4.1 A Government cloud facility shall be established to host government online services subject to the guidelines of prioritization on ICT resources. The facility, which shall be a hybrid cloud, shall include, but not be limited to the following:

4.1.1 Infrastructure as a Service (IaaS) which includes GovCloud hardware;
4.1.2 Platform as a Service (PaaS) which includes the Government Web Hosting Service;
4.1.3 Software as a Service (SaaS) which includes the PMGov, Forms Generator (FormsGen), Archives and Records Management Information System (ARMIS) and PhPay.

4.2 If cloud computing resources are not available in the GovCloud, ICT requirements of other government institutions can be sourced from ICT Office accredited cloud service providers on a yearly basis. The ICT Office shall formulate accreditation guidelines which shall consider cloud confidentiality, visibility, data location, privacy and security controls and other requirements of the government.

4.3 Upon implementation and adoption of the GovCloud, the following responsibilities shall be performed/undertaken by:

4.3.1 ICT Office
4.3.1.1 Administer, operate and maintain the GovCloud, pursuant to this Administrative Order.

4.3.1.2 Promote the use of GovCloud.
4.3.1.3 Provide technical support, maintenance, security and capacity building assistance to government agencies availing the GovCloud Services.

4.3.2 Government institutions
4.3.2.1 Submit cloud services requirements to ICT Office for assessment/approval.
4.3.2.2 Use the GovCloud in its daily operations and as a tool in the delivery of its services;
4.3.2.3 Follow all policies, rules, and regulations relating to the use of the GovCloud and related services.

4.4 The operations of GovCloud shall be governed by the laws of the Republic of the Philippines. All contracts, agreements, and service level agreements pertaining the same shall be bound by Philippine laws and any claims, or issues raised shall be resolved in the Philippine courts or Philippine adjudicatory bodies.

Section 5. SERVICE LEVEL AGREEMENT (SLAs)
The provisioning of Cloud Computing, either by the government through the ICT Office, or by ICT Office accredited cloud service providers, shall be governed by SLAs to specify and clarify performance expectations, as well as establish accountability. The SLAs should relate to the provisions in the contract regarding incentives, penalties, escalation procedures, disaster recovery and business continuity, and contract cancellation for the protection of the institution in the event the service provider failed to meet the required level of performance. The government institutions should closely monitor the service provider's compliance with key SLA provision on the following aspects, among others:

Availability and timeliness of services;
Confidentiality and integrity of data;
Change control;
Security standards compliance, including vulnerability and penetration management;
Business continuity including disaster recovery and contingency plans;
Help Desk Support.

Section 6. MIGRATION PROCESS
The ICT Office shall formulate the migration guidelines for government agencies transferring their ICT resources into the Cloud considering the type of cloud computing services adopted.

Section 7. DATA OWNERSHIP AND DATA LOCATION AND RETRIEVAL
All contracts and agreements pertaining to the provisioning of cloud services to Government institutions covered by this Order shall contain provisions indicating ownership rights over data in favor of the government. All cloud service providers must also be able to isolate and clearly identify data and other information system assets of the government agency it serves, and must be able to show that the same data are protected at all times, owned and controlled by the government, and is retrievable at any time.

Section 8. INFORMATION SECURITY COMPLIANCE
Government Institutions, in adopting cloud computing, shall protect the confidentiality, integrity and availability of data. The use of PNS ISO/IEC 27002:2005 as augmented by ISO/IEC 27018:2014 is hereby mandated as the minimum requirement in preparing the information security management system.

Section 9. INTEROPERABILITY REQUIREMENTS
Government Institutions shall require interoperability of the components of a cloud infrastructure to work together to achieve the intended result based on international standards, such as ISO/IEC 17203:2011. The components may come from different sources including public and private cloud implementations. The components should be replaceable by new or different components from different providers and continue to work, to facilitate the exchange of data between systems.

Section 10. IMPLEMENTING GUIDELINES. The DOST-ICT Office in consultation with other government agencies and ICT related organizations shall formulate and issue the necessary rules and regulations that will serve as basis in the adoption and implementation of cloud computing within ninety (90) days from the effectivity of this Order.

Section 11. AGENCY COMPLIANCE. Within one hundred fifty (150) days from the effectivity of the Implementing Rules and Regulations (IRR), each Government Institution mandated under this Order shall submit to DOST-ICT Office a three-year Compliance Plan on the adoption of cloud computing. DOST-ICT Office shall monitor the formulation and implementation of the Compliance Plan of the respective government agencies.

Section 12. APPROPRIATIONS. The DOST-ICTO shall include in its annual appropriations the amount necessary for the personnel services and ICT resources, including the data centers, servers, appliances, equipment and utilities necessary to run and operate the GovCloud, subject to the rules and regulations from the Department of Budget and Management, the General Appropriations Act, and other applicable rules. The DOST-ICTO shall be allowed to charge fees from its subscribers for the use of GovCloud facilities and services on a cost recovery basis to fund its variable expenses, in accordance with the provisions of AO No 31 (s. 2012). Government Institutions shall include in its appropriations the amount necessary to avail of cloud computing services from the ICT Office accredited Cloud Service Providers, subject to the usual government accounting and auditing rules and regulations.

Section 13. REPEALING CLAUSE. All issuances, orders, rules and regulations or parts thereof which are inconsistent with the provisions of this AO are hereby repealed, amended or modified accordingly.

Section 14. SEPARABILITY CLAUSE. Should any provision of this AO be declared invalid or unconstitutional, the other provisions not affected thereby shall remain valid and subsisting.

Section 15. EFFECTIVITY. This AO shall take effect immediately.