Cloud Computing Engagement Schedule

Schedule overview

1 Purpose

To provide the Information System Owner or their nominee with a checklist to be used in conjunction with information provided in the Engagement of Cloud Computing Services Procedure.

2 Scope

This schedule must be read in conjunction with the Engagement of Cloud Computing Services Procedure and is subordinate to it.

3 Schedule

By acknowledging completion of the items in this checklist, the Information System Owner confirms that consideration of the key actions has been undertaken.

Relevant Section within Procedure

Check/Tick

Build a business model to provide business context, estimate lifecycle cost and to form the basis for functional, performance and resource requirements

Capture requirements for functionality, standards, performance, manageability, security and compliance

Build a business case, providing business rationale and an assessment of options

4.1

Assess the risks and determine suitable treatment strategies

4.1.1

Evaluation and Consultation with relevant stakeholders

4.1.2

Consider issues relating to Intellectual Property and Copyright

4.1.3

Consider Location of provider and relevant infrastructure for data sovereignty

4.1.4

Consider Privacy and Data Security

4.1.5

Consider Records Retention and Availability

4.1.6

Consider Data Classification

4.1.7

Consider Business Continuity

4.1.8

Determine contractual terms prior to engaging the market

4.1.8

SLA and prepare an exit strategy which considers business continuity, disposition of data and exit costs

Approach the market

Select a provider, verifying claims on costs, architecture, reputation and capability

Plan the implementation, ensuring sufficient resources to prepare infrastructure and manage organisational change

Prepare for on-going operations, ensuring sufficient in-house resources will be in place for on-going operations

Manage and Review the contract, service and vendor relationship on an on-going basis at pre-defined time intervals.

4 References

Nil.

5 Schedule Information

Accountable Officer

Executive Director (ICT Services)

Policy Type

University Procedure

Approved Date

20/10/2017

Effective Date

20/10/2017

Review Date

1/5/2018

Relevant Legislation

Related Policies

Administrative Access Scheme Policy

Business Continuity Policy

Contract Management Policy (under development)

Enterprise Architecture Policy

ICT Information Management and Security Policy

Intellectual Property Policy and Procedure

Privacy Policy

Procurement and Purchasing Policy

Records and Information Management Policy

Right to Information Policy

Risk Management Policy and Procedure

Related Procedures

Administrative Access Scheme Procedure

Engagement of Cloud Computing Services Procedure

Information Asset and Security Classification Procedure

Records and Information Management Procedure

Right to Information Procedure

Related forms, publications and websites

A Guide to Implementing Cloud Services - Better Practice Guide

Cloud Computing Security Considerations

Negotiating the cloud - legal issues in cloud computing agreements

Privacy Impact Assessment

Privacy Threshold Assessment

Definitions

Terms defined in the Definitions Dictionary

Definitions that relate to this schedule only

Keywords

Record No

15/363PL

Complying with the law and observing Policy and Procedure is a condition of working and/or studying at the University.

* This file is available in Portable Document Format (PDF) which requires the use of Adobe Acrobat Reader. A free copy of Acrobat Reader may be obtained from Adobe. Users who are unable to access information in PDF should email policy@usq.edu.au to obtain this information in an alternative format.