[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [public-sector-cloud-discuss] RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance
Hey folks Where are we on this decision? Is the PACR group being killed? My vote would be not to do so. I didn't see the ODCA document as being substantial enough to drive the momentum required such that sub-groups would prosper, and we'd see our efforts to date whither. I think to attract industry support and new member participation, a dedicated tc for Public Sector Cloud is required, and propose we continue with the launch of this group. Not a major point, but I'd also propose we change the name, to make it clear what we're doing, ie something literally like Public Sector Cloud. Kind regards, Neil. > Chet > > Thanks for raising this very significant opportunity which I think is one > we > should grasp. I'm widening the discussion on this as it overlaps > considerably with our proposed PACR TC and our planning for the ICS 2012 > event. > > From my reading and interpretation of the ODCA document I see that setting > the high-level generic requirement for Cloud Compliance by all business > sectors and the proposed PACR is the Government profile. To that end we > do > not need two separate TCs, one is a subset of the other. It may be a very > large task for a single TC to handle all this but avoiding duplication is > a > must, and providing a consistent and complimentary set of compliance > requirements for different business sectors should encourage the > development > of testing and accreditation services by the private sector. > > I would suggest the way forward is as follows: > > - we close the PACR Discussion List as this now supersedes those > discussions; > - we look to draft a Charter for a new TC having the objective of > formalising the ODCA spec for all business sectors and initially producing > a > Government profile with other business sector profiles to follow; > - we consider which part of OASIS is best for this TC to affiliate to, it > may or may not be the eGov MS; > - we look for the appropriate person to act as convenor to take this > forward, that may or may not be me; > - the ICS 2012 planning committee consider inviting the ODCA to co-sponsor > that event and adjust the whole programme to this alliance. > > We need a fairly quick decision on this before we get too much further > down > the PACR route, so who is going to make that call? > > Regards > John > > > -----Original Message----- > From: public-sector-cloud-discuss@lists.oasis-open.org > [mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of > Neil > McEvoy > Sent: 30 June 2012 09:49 > To: Peter F Brown > Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer; > public-sector-cloud-discuss@lists.oasis-open.org > Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible topic > for > a new Technical Committee > > > Hi Peter > > I would say it sets the high level scene, in a very nice, polished manner > that's very helpful to our momentum, and is complimentary in that you then > need to dive down to the detail level for the unique requirements of > different industries, like public sector as we are doing. > > As we have been discussing I believe this is the right approach as the > public sector will ultimately will want to reference a set of standards > defined uniquely for them, but it's likely that the bulk of these will be > a > common core, which can then be finalized and tailored with a remaining > section of those points unique to the sector. This could be repeated for > finance et al as they will likely want the same. > > This would work well, because while the document lists hundreds of > different > compliance requirements, it's likely most call for the same core > mechanisms, > and it also defines this common core based on the NIST Cloud definitions. > > Folks like the Cloud Security Alliance have documented in detail how to > secure Cloud environments in line with these models, and so all the > material > is to hand to complete these tailored industry standards packages. > > Regards Neil. > > > >> Interesting - it is either a set-complement to the proposed PACR TC; >> or challenges us to justify whether PACR should only look at public >> sector requirements or not. >> If they are two distinct committees, there could be many advantages - >> each concentrating on what is distinctly its own domain; the issues >> comes with how to deal with requirements which are valid for both >> public and private sector customers without there being contradictions. >> Or is PACR a 'sub set' of the problems raised here.... >> >> I don't know the answers but the questions will keep coming I fear... >> >> Peter >> >> From: egov-ms@lists.oasis-open.org >> [mailto:egov-ms@lists.oasis-open.org] >> On Behalf Of Chet Ensign >> Sent: Friday, 29 June, 2012 15:07 >> To: egov-ms@lists.oasis-open.org >> Cc: Carol Geyer >> Subject: [egov-ms] Possible topic for a new Technical Committee >> >> Members of the eGov Steering Committee, >> >> The Open Data Center Alliance recently produced the attached customer >> requirement overview. The goal of this document is to encourage and >> support the development of an open standard framework addressing >> regulatory compliance needs for cloud computing. (This is one of eight >> usage models that can be found on the Alliance's web site at >> http://www.opendatacenteralliance.org/ourwork/usagemodels). >> >> The ODCA produces customer requirements and then collaborates with >> SDOs like OASIS to produce standards that addresss them. In this case, >> they have identified the need for standard approaches to understanding >> and navigating regulatory compliance and governance obligations both >> for cloud customers and cloud providers as something that must be >> addressed if cloud computing is to become broadly adopted. If we were >> to start a TC in this area, the ODCA would contribute in-depth >> customer requirements as an input to the work. >> >> The attached document spells out the high level requirements they have >> identified. I believe OASIS has the experts and the track record to >> tackle this problem effectively. >> >> I'm sharing this with you for two reasons: 1. To see whether you agree >> that this is a real issue that needs to be addressed and 2. if so, to >> see if you have any interest (or know others who might have an >> interest) in talking about how to approach turning this into a Technical > Committee. >> >> What do you think? Worth discussing? >> >> Thanks & best regards, >> >> /chet >> ---------------- >> Chet Ensign >> Director of Standards Development and TC Administration >> OASIS: Advancing open standards for the information society >> http://www.oasis-open.org >> >> Primary: +1 973-996-2298 >> Mobile: +1 201-341-1393 >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: >> egov-ms-unsubscribe@lists.oasis-open.org<mailto:egov-ms-unsubscribe@li >> sts.oasis-open.org> >> For additional commands, e-mail: >> egov-ms-help@lists.oasis-open.org<mailto:egov-ms-help@lists.oasis-open >> .org> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: >> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org >> For additional commands, e-mail: >> public-sector-cloud-discuss-help@lists.oasis-open.org > > > -- > Neil McEvoy > Founder and President > Level 5 Consulting Group > http://L5consulting.net > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: > public-sector-cloud-discuss-help@lists.oasis-open.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: > public-sector-cloud-discuss-help@lists.oasis-open.org -- Neil McEvoy Founder and President Level 5 Consulting Group http://L5consulting.net
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]