OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

egov-ms message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance

Chet

Thanks for raising this very significant opportunity which I think is one we
should grasp.  I'm widening the discussion on this as it overlaps
considerably with our proposed PACR TC and our planning for the ICS 2012
event.  

From my reading and interpretation of the ODCA document I see that setting
the high-level generic requirement for Cloud Compliance by all business
sectors and the proposed PACR is the Government profile.  To that end we do
not need two separate TCs, one is a subset of the other.  It may be a very
large task for a single TC to handle all this but avoiding duplication is a
must, and providing a consistent and complimentary set of compliance
requirements for different business sectors should encourage the development
of testing and accreditation services by the private sector.

I would suggest the way forward is as follows:

- we close the PACR Discussion List as this now supersedes those
discussions;
- we look to draft a Charter for a new TC having the objective of
formalising the ODCA spec for all business sectors and initially producing a
Government profile with other business sector profiles to follow;
- we consider which part of OASIS is best for this TC to affiliate to, it
may or may not be the eGov MS;
- we look for the appropriate person to act as convenor to take this
forward, that may or may not be me;
- the ICS 2012 planning committee consider inviting the ODCA to co-sponsor
that event and adjust the whole programme to this alliance.   

We need a fairly quick decision on this before we get too much further down
the PACR route, so who is going to make that call?

Regards
John


-----Original Message-----
From: public-sector-cloud-discuss@lists.oasis-open.org
[mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of Neil
McEvoy
Sent: 30 June 2012 09:49
To: Peter F Brown
Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer;
public-sector-cloud-discuss@lists.oasis-open.org
Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible topic for
a new Technical Committee


Hi Peter

I would say it sets the high level scene, in a very nice, polished manner
that's very helpful to our momentum, and is complimentary in that you then
need to dive down to the detail level for the unique requirements of
different industries, like public sector as we are doing.

As we have been discussing I believe this is the right approach as the
public sector will ultimately will want to reference a set of standards
defined uniquely for them, but it's likely that the bulk of these will be a
common core, which can then be finalized and tailored with a remaining
section of those points unique to the sector. This could be repeated for
finance et al as they will likely want the same.

This would work well, because while the document lists hundreds of different
compliance requirements, it's likely most call for the same core mechanisms,
and it also defines this common core based on the NIST Cloud definitions.

Folks like the Cloud Security Alliance have documented in detail how to
secure Cloud environments in line with these models, and so all the material
is to hand to complete these tailored industry standards packages.

Regards Neil.



> Interesting - it is either a set-complement to the proposed PACR TC; 
> or challenges us to justify whether PACR should only look at public 
> sector requirements or not.
> If they are two distinct committees, there could be many advantages - 
> each concentrating on what is distinctly its own domain; the issues 
> comes with how to deal with requirements which are valid for both 
> public and private sector customers without there being contradictions.
> Or is PACR a 'sub set' of the problems raised here....
>
> I don't know the answers but the questions will keep coming I fear...
>
> Peter
>
> From: egov-ms@lists.oasis-open.org 
> [mailto:egov-ms@lists.oasis-open.org]
> On Behalf Of Chet Ensign
> Sent: Friday, 29 June, 2012 15:07
> To: egov-ms@lists.oasis-open.org
> Cc: Carol Geyer
> Subject: [egov-ms] Possible topic for a new Technical Committee
>
> Members of the eGov Steering Committee,
>
> The Open Data Center Alliance recently produced the attached customer 
> requirement overview. The goal of this document is to encourage and 
> support the development of an open standard framework addressing 
> regulatory compliance needs for cloud computing. (This is one of eight 
> usage models that can be found on the Alliance's web site at 
> http://www.opendatacenteralliance.org/ourwork/usagemodels).
>
> The ODCA produces customer requirements and then collaborates with 
> SDOs like OASIS to produce standards that addresss them. In this case, 
> they have identified the need for standard approaches to understanding 
> and navigating regulatory compliance and governance obligations both 
> for cloud customers and cloud providers as something that must be 
> addressed if cloud computing is to become broadly adopted. If we were 
> to start a TC in this area, the ODCA would contribute in-depth 
> customer requirements as an input to the work.
>
> The attached document spells out the high level requirements they have 
> identified. I believe OASIS has the experts and the track record to 
> tackle this problem effectively.
>
> I'm sharing this with you for two reasons: 1. To see whether you agree 
> that this is a real issue that needs to be addressed and 2. if so, to 
> see if you have any interest (or know others who might have an 
> interest) in talking about how to approach turning this into a Technical
Committee.
>
> What do you think? Worth discussing?
>
> Thanks & best regards,
>
> /chet
> ----------------
> Chet Ensign
> Director of Standards Development and TC Administration
> OASIS: Advancing open standards for the information society 
> http://www.oasis-open.org
>
> Primary: +1 973-996-2298
> Mobile: +1 201-341-1393
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> egov-ms-unsubscribe@lists.oasis-open.org<mailto:egov-ms-unsubscribe@li
> sts.oasis-open.org>
> For additional commands, e-mail:
> egov-ms-help@lists.oasis-open.org<mailto:egov-ms-help@lists.oasis-open
> .org>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> public-sector-cloud-discuss-help@lists.oasis-open.org


--
Neil McEvoy
Founder and President
Level 5 Consulting Group
http://L5consulting.net


---------------------------------------------------------------------
To unsubscribe, e-mail:
public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
For additional commands, e-mail:
public-sector-cloud-discuss-help@lists.oasis-open.org

Attachment: regulatory framework.pdf
Description: Adobe PDF document

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]