egov-ms message


Subject: Re: [public-sector-cloud-discuss] RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance

+1 to:
1. The name change
2. Not giving up

Thanks Neil!

On 7/5/2012 1:32 AM, Neil McEvoy wrote:
Hey folks

Where are we on this decision? Is the PACR group being killed?

My vote would be not to do so. I didn't see the ODCA document as being
substantial enough to drive the momentum required such that sub-groups
would prosper, and we'd see our efforts to date wither.

I think to attract industry support and new member participation, a
dedicated tc for Public Sector Cloud is required, and propose we continue
with the launch of this group.

Not a major point, but I'd also propose we change the name, to make it
clear what we're doing, ie something literally like Public Sector Cloud.

Kind regards, Neil.


Thanks for raising this very significant opportunity which I think is one
should grasp.  I'm widening the discussion on this as it overlaps
considerably with our proposed PACR TC and our planning for the ICS 2012

From my reading and interpretation of the ODCA document I see that setting
the high-level generic requirement for Cloud Compliance by all business
sectors and the proposed PACR is the Government profile.  To that end we
not need two separate TCs, one is a subset of the other.  It may be a very
large task for a single TC to handle all this but avoiding duplication is
must, and providing a consistent and complementary set of compliance
requirements for different business sectors should encourage the
of testing and accreditation services by the private sector.

I would suggest the way forward is as follows:

- we close the PACR Discussion List as this now supersedes those
- we look to draft a Charter for a new TC having the objective of
formalising the ODCA spec for all business sectors and initially producing
Government profile with other business sector profiles to follow;
- we consider which part of OASIS is best for this TC to affiliate to, it
may or may not be the eGov MS;
- we look for the appropriate person to act as convenor to take this
forward, that may or may not be me;
- the ICS 2012 planning committee consider inviting the ODCA to co-sponsor
that event and adjust the whole programme to this alliance.

We need a fairly quick decision on this before we get too much further
the PACR route, so who is going to make that call?


-----Original Message-----
From: public-sector-cloud-discuss@lists.oasis-open.org
[mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of
Sent: 30 June 2012 09:49
To: Peter F Brown
Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer;
Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible topic
a new Technical Committee

Hi Peter

I would say it sets the high level scene, in a very nice, polished manner
that's very helpful to our momentum, and is complementary in that you then
need to dive down to the detail level for the unique requirements of
different industries, like public sector as we are doing.

As we have been discussing I believe this is the right approach as the
public sector will ultimately want to reference a set of standards
defined uniquely for them, but it's likely that the bulk of these will be
common core, which can then be finalized and tailored with a remaining
section of those points unique to the sector. This could be repeated for
finance et al as they will likely want the same.

This would work well, because while the document lists hundreds of
compliance requirements, it's likely most call for the same core
and it also defines this common core based on the NIST Cloud definitions.

Folks like the Cloud Security Alliance have documented in detail how to
secure Cloud environments in line with these models, and so all the
is to hand to complete these tailored industry standards packages.

Regards Neil.

Interesting - it is either a set-complement to the proposed PACR TC;
or challenges us to justify whether PACR should only look at public
sector requirements or not.
If they are two distinct committees, there could be many advantages -
each concentrating on what is distinctly its own domain; the issue
comes with how to deal with requirements which are valid for both
public and private sector customers without there being contradictions.
Or is PACR a 'sub set' of the problems raised here....

I don't know the answers but the questions will keep coming I fear...


From: egov-ms@lists.oasis-open.org
On Behalf Of Chet Ensign
Sent: Friday, 29 June, 2012 15:07
To: egov-ms@lists.oasis-open.org
Cc: Carol Geyer
Subject: [egov-ms] Possible topic for a new Technical Committee

Members of the eGov Steering Committee,

The Open Data Center Alliance recently produced the attached customer
requirement overview. The goal of this document is to encourage and
support the development of an open standard framework addressing
regulatory compliance needs for cloud computing. (This is one of eight
usage models that can be found on the Alliance's web site at

The ODCA produces customer requirements and then collaborates with
SDOs like OASIS to produce standards that address them. In this case,
they have identified the need for standard approaches to understanding
and navigating regulatory compliance and governance obligations both
for cloud customers and cloud providers as something that must be
addressed if cloud computing is to become broadly adopted. If we were
to start a TC in this area, the ODCA would contribute in-depth
customer requirements as an input to the work.

The attached document spells out the high level requirements they have
identified. I believe OASIS has the experts and the track record to
tackle this problem effectively.

I'm sharing this with you for two reasons: 1. To see whether you agree
that this is a real issue that needs to be addressed and 2. if so, to
see if you have any interest (or know others who might have an
interest) in talking about how to approach turning this into a Technical
What do you think? Worth discussing?

Thanks & best regards,

Chet Ensign
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393

To unsubscribe, e-mail:
For additional commands, e-mail:

Neil McEvoy
Founder and President
Level 5 Consulting Group

Laurent Liscia, Executive Director and CEO
OASIS: Advancing open standards for the information society
(510) 669-1261
