Re: [public-sector-cloud-discuss] RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance

["Neil McEvoy" <neil.mcevoy@l5consulting.net>]

Hey folks

Where are we on this decision? Is the PACR group being killed?

My vote would be not to do so. I didn't see the ODCA document as being
substantial enough to drive the momentum required such that sub-groups
would prosper, and we'd see our efforts to date whither.

I think to attract industry support and new member participation, a
dedicated tc for Public Sector Cloud is required, and propose we continue
with the launch of this group.

Not a major point, but I'd also propose we change the name, to make it
clear what we're doing, ie something literally like Public Sector Cloud.

Kind regards, Neil.


> Chet
>
> Thanks for raising this very significant opportunity which I think is one
> we
> should grasp.  I'm widening the discussion on this as it overlaps
> considerably with our proposed PACR TC and our planning for the ICS 2012
> event.
>
> From my reading and interpretation of the ODCA document I see that setting
> the high-level generic requirement for Cloud Compliance by all business
> sectors and the proposed PACR is the Government profile.  To that end we
> do
> not need two separate TCs, one is a subset of the other.  It may be a very
> large task for a single TC to handle all this but avoiding duplication is
> a
> must, and providing a consistent and complimentary set of compliance
> requirements for different business sectors should encourage the
> development
> of testing and accreditation services by the private sector.
>
> I would suggest the way forward is as follows:
>
> - we close the PACR Discussion List as this now supersedes those
> discussions;
> - we look to draft a Charter for a new TC having the objective of
> formalising the ODCA spec for all business sectors and initially producing
> a
> Government profile with other business sector profiles to follow;
> - we consider which part of OASIS is best for this TC to affiliate to, it
> may or may not be the eGov MS;
> - we look for the appropriate person to act as convenor to take this
> forward, that may or may not be me;
> - the ICS 2012 planning committee consider inviting the ODCA to co-sponsor
> that event and adjust the whole programme to this alliance.
>
> We need a fairly quick decision on this before we get too much further
> down
> the PACR route, so who is going to make that call?
>
> Regards
> John
>
>
> -----Original Message-----
> From: public-sector-cloud-discuss@lists.oasis-open.org
> [mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of
> Neil
> McEvoy
> Sent: 30 June 2012 09:49
> To: Peter F Brown
> Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer;
> public-sector-cloud-discuss@lists.oasis-open.org
> Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible topic
> for
> a new Technical Committee
>
>
> Hi Peter
>
> I would say it sets the high level scene, in a very nice, polished manner
> that's very helpful to our momentum, and is complimentary in that you then
> need to dive down to the detail level for the unique requirements of
> different industries, like public sector as we are doing.
>
> As we have been discussing I believe this is the right approach as the
> public sector will ultimately will want to reference a set of standards
> defined uniquely for them, but it's likely that the bulk of these will be
> a
> common core, which can then be finalized and tailored with a remaining
> section of those points unique to the sector. This could be repeated for
> finance et al as they will likely want the same.
>
> This would work well, because while the document lists hundreds of
> different
> compliance requirements, it's likely most call for the same core
> mechanisms,
> and it also defines this common core based on the NIST Cloud definitions.
>
> Folks like the Cloud Security Alliance have documented in detail how to
> secure Cloud environments in line with these models, and so all the
> material
> is to hand to complete these tailored industry standards packages.
>
> Regards Neil.
>
>
>
>> Interesting - it is either a set-complement to the proposed PACR TC;
>> or challenges us to justify whether PACR should only look at public
>> sector requirements or not.
>> If they are two distinct committees, there could be many advantages -
>> each concentrating on what is distinctly its own domain; the issues
>> comes with how to deal with requirements which are valid for both
>> public and private sector customers without there being contradictions.
>> Or is PACR a 'sub set' of the problems raised here....
>>
>> I don't know the answers but the questions will keep coming I fear...
>>
>> Peter
>>
>> From: egov-ms@lists.oasis-open.org
>> [mailto:egov-ms@lists.oasis-open.org]
>> On Behalf Of Chet Ensign
>> Sent: Friday, 29 June, 2012 15:07
>> To: egov-ms@lists.oasis-open.org
>> Cc: Carol Geyer
>> Subject: [egov-ms] Possible topic for a new Technical Committee
>>
>> Members of the eGov Steering Committee,
>>
>> The Open Data Center Alliance recently produced the attached customer
>> requirement overview. The goal of this document is to encourage and
>> support the development of an open standard framework addressing
>> regulatory compliance needs for cloud computing. (This is one of eight
>> usage models that can be found on the Alliance's web site at
>> http://www.opendatacenteralliance.org/ourwork/usagemodels).
>>
>> The ODCA produces customer requirements and then collaborates with
>> SDOs like OASIS to produce standards that addresss them. In this case,
>> they have identified the need for standard approaches to understanding
>> and navigating regulatory compliance and governance obligations both
>> for cloud customers and cloud providers as something that must be
>> addressed if cloud computing is to become broadly adopted. If we were
>> to start a TC in this area, the ODCA would contribute in-depth
>> customer requirements as an input to the work.
>>
>> The attached document spells out the high level requirements they have
>> identified. I believe OASIS has the experts and the track record to
>> tackle this problem effectively.
>>
>> I'm sharing this with you for two reasons: 1. To see whether you agree
>> that this is a real issue that needs to be addressed and 2. if so, to
>> see if you have any interest (or know others who might have an
>> interest) in talking about how to approach turning this into a Technical
> Committee.
>>
>> What do you think? Worth discussing?
>>
>> Thanks & best regards,
>>
>> /chet
>> ----------------
>> Chet Ensign
>> Director of Standards Development and TC Administration
>> OASIS: Advancing open standards for the information society
>> http://www.oasis-open.org
>>
>> Primary: +1 973-996-2298
>> Mobile: +1 201-341-1393
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> egov-ms-unsubscribe@lists.oasis-open.org<mailto:egov-ms-unsubscribe@li
>> sts.oasis-open.org>
>> For additional commands, e-mail:
>> egov-ms-help@lists.oasis-open.org<mailto:egov-ms-help@lists.oasis-open
>> .org>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail:
>> public-sector-cloud-discuss-help@lists.oasis-open.org
>
>
> --
> Neil McEvoy
> Founder and President
> Level 5 Consulting Group
> http://L5consulting.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> public-sector-cloud-discuss-help@lists.oasis-open.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> public-sector-cloud-discuss-help@lists.oasis-open.org


-- 
Neil McEvoy
Founder and President
Level 5 Consulting Group
http://L5consulting.net