Microsoft addresses NZ Government questions on cloud security

 |   Bob Glancy

Microsoft NZ releases responses to GCIO’s 105 questions through Azure Trust Centre

Microsoft has this week become one of the first cloud service providers in New Zealand to publicly demonstrate how its cloud platform, Microsoft Azure, meets the requirements set out in the New Zealand Government CIO’s 105 question due-diligence framework.

The NZ Government Chief Information Officer (GCIO), who is based within the NZ Department of Internal Affairs, has responsibility for providing guidance on how NZ government organisations should adopt cloud computing via a framework called ‘Requirements for Cloud Computing’.

As part of this effort, the GCIO has published a document entitled “NZ Government Cloud Computing: Security and Privacy Considerations”, which comprises 105 questions focused on security and privacy aspects of cloud services that are fundamentally related to data sovereignty.

Organisations that fall under the scope of the GCIO’s mandate for providing Ministers with government ICT System Assurance must apply this framework when they are deciding on the use of a cloud service. Other NZ State sector organizations are encouraged to use this framework as good practice guidance.

Microsoft NZ’s National Technology Officer, Russell Craig, says that to assist NZ Government organisations in meeting these requirements and expectations, Microsoft has proactively provided a comprehensive document of information showing how Azure meets the requirements set out in the 105-question government framework.

“This is a great step forward for us in being able to show both public and private sector customers how Microsoft addresses important security, privacy and sovereignty issues. None of our competitors have done anything like this” says Mr Craig.

“If you represent a NZ government organization that is considering adopting Azure, this information will assist your analysis. If you work outside of NZ government, and are interested in the security, privacy, and sovereignty aspects of Azure, you also may find both the questions set out in this framework and the responses from Microsoft to be helpful when evaluating different cloud service providers.

“We would like to think that our responses set the benchmark for the level of detail and transparency that cloud providers can and should offer their customers about these vital matters,” says Craig.

Craig notes that this framework is not, and does not, define a NZ government standard against which cloud service providers must demonstrate formal compliance.

“Many of the questions in the framework do, however, point customers toward the importance of understanding cloud service providers’ compliance with a wide array of relevant standards, the approach they take to security and data privacy, and what they do and don’t do with their customers’ data,” he says.

A PDF of Microsoft NZ’s response document to the 105 questions can be downloaded here.

For more information on the NZ Government Cloud Computing Security and Privacy Considerations, visit the Microsoft Azure Trust Centre here: http://azure.microsoft.com/en-us/support/trust-center/compliance/nz-gcio/

– ENDS –

For more information, contact:
Brendan Boughen
Communications Manager, Microsoft NZ
Mobile: +64 27 839 6044
Email: [email protected]

About Microsoft Azure
With Microsoft Azure, Office 365 and Microsoft Dynamics, Microsoft is delivering the industry’s most complete cloud — for every business, every industry and every geography. Microsoft delivers more than 200 services to over 1 billion customers, and 20 million businesses are served by their cloud infrastructure in over 90 markets globally.

About Microsoft
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, devices and solutions that help people and businesses realise their full potential.