Subject: RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance
Chet,

Thanks for raising this very significant opportunity, which I think is one we should grasp. I'm widening the discussion on this as it overlaps considerably with our proposed PACR TC and our planning for the ICS 2012 event.

From my reading and interpretation of the ODCA document I see that setting the high-level generic requirement for Cloud Compliance by all business sectors and the proposed PACR is the Government profile. To that end we do not need two separate TCs, one is a subset of the other. It may be a very large task for a single TC to handle all this but avoiding duplication is a must, and providing a consistent and complementary set of compliance requirements for different business sectors should encourage the development of testing and accreditation services by the private sector.

I would suggest the way forward is as follows:

- we close the PACR Discussion List as this now supersedes those discussions;
- we look to draft a Charter for a new TC having the objective of formalising the ODCA spec for all business sectors and initially producing a Government profile with other business sector profiles to follow;
- we consider which part of OASIS is best for this TC to affiliate to, it may or may not be the eGov MS;
- we look for the appropriate person to act as convenor to take this forward, that may or may not be me;
- the ICS 2012 planning committee consider inviting the ODCA to co-sponsor that event and adjust the whole programme to this alliance.

We need a fairly quick decision on this before we get too much further down the PACR route, so who is going to make that call?

Regards
John

-----Original Message-----
From: public-sector-cloud-discuss@lists.oasis-open.org [mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of Neil McEvoy
Sent: 30 June 2012 09:49
To: Peter F Brown
Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer; public-sector-cloud-discuss@lists.oasis-open.org
Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible topic for a new Technical Committee

Hi Peter

I would say it sets the high level scene, in a very nice, polished manner that's very helpful to our momentum, and is complementary in that you then need to dive down to the detail level for the unique requirements of different industries, like public sector as we are doing.

As we have been discussing I believe this is the right approach as the public sector will ultimately want to reference a set of standards defined uniquely for them, but it's likely that the bulk of these will be a common core, which can then be finalized and tailored with a remaining section of those points unique to the sector. This could be repeated for finance et al as they will likely want the same.

This would work well, because while the document lists hundreds of different compliance requirements, it's likely most call for the same core mechanisms, and it also defines this common core based on the NIST Cloud definitions. Folks like the Cloud Security Alliance have documented in detail how to secure Cloud environments in line with these models, and so all the material is to hand to complete these tailored industry standards packages.

Regards
Neil.

> Interesting - it is either a set-complement to the proposed PACR TC;
> or challenges us to justify whether PACR should only look at public
> sector requirements or not.
>
> If they are two distinct committees, there could be many advantages -
> each concentrating on what is distinctly its own domain; the issue
> comes with how to deal with requirements which are valid for both
> public and private sector customers without there being contradictions.
> Or is PACR a 'sub set' of the problems raised here....
>
> I don't know the answers but the questions will keep coming I fear...
>
> Peter
>
> From: egov-ms@lists.oasis-open.org [mailto:egov-ms@lists.oasis-open.org] On Behalf Of Chet Ensign
> Sent: Friday, 29 June, 2012 15:07
> To: egov-ms@lists.oasis-open.org
> Cc: Carol Geyer
> Subject: [egov-ms] Possible topic for a new Technical Committee
>
> Members of the eGov Steering Committee,
>
> The Open Data Center Alliance recently produced the attached customer
> requirement overview. The goal of this document is to encourage and
> support the development of an open standard framework addressing
> regulatory compliance needs for cloud computing. (This is one of eight
> usage models that can be found on the Alliance's web site at
> http://www.opendatacenteralliance.org/ourwork/usagemodels).
>
> The ODCA produces customer requirements and then collaborates with
> SDOs like OASIS to produce standards that address them. In this case,
> they have identified the need for standard approaches to understanding
> and navigating regulatory compliance and governance obligations both
> for cloud customers and cloud providers as something that must be
> addressed if cloud computing is to become broadly adopted. If we were
> to start a TC in this area, the ODCA would contribute in-depth
> customer requirements as an input to the work.
>
> The attached document spells out the high level requirements they have
> identified. I believe OASIS has the experts and the track record to
> tackle this problem effectively.
>
> I'm sharing this with you for two reasons: 1. To see whether you agree
> that this is a real issue that needs to be addressed and 2. if so, to
> see if you have any interest (or know others who might have an
> interest) in talking about how to approach turning this into a
> Technical Committee.
>
> What do you think? Worth discussing?
>
> Thanks & best regards,
>
> /chet
> ----------------
> Chet Ensign
> Director of Standards Development and TC Administration
> OASIS: Advancing open standards for the information society
> http://www.oasis-open.org
>
> Primary: +1 973-996-2298
> Mobile: +1 201-341-1393

--
Neil McEvoy
Founder and President
Level 5 Consulting Group
http://L5consulting.net
Attachment:
regulatory framework.pdf
Description: Adobe PDF document