Subject: RE: [public-sector-cloud-discuss] RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance
Neil

No decisions yet. Chet and I are going to talk to ODCA and get their views on a possible way forward. So PACR is not killed or will be killed, just a question of whether it's a thing in its own right or part of a larger thing. We will get back to everybody after we've talked to them.

John

-----Original Message-----
From: Neil McEvoy [mailto:neil.mcevoy@l5consulting.net]
Sent: 05 July 2012 12:32
To: John Borras
Cc: 'Chet Ensign'; 'James Bryce Clark'; 'Sabo, John T'; 'Jane Harnad'; 'Laurent M Liscia'; egov-ms@lists.oasis-open.org; 'Carol Geyer'; public-sector-cloud-discuss@lists.oasis-open.org; 'ADIL SOUSSI NACHIT'; 'Silvana Muscella'; 'Dee Schur'
Subject: Re: [public-sector-cloud-discuss] RE: Possible topic for a new Technical Committee on Cloud Regulatory Compliance

Hey folks

Where are we on this decision? Is the PACR group being killed?

My vote would be not to do so. I didn't see the ODCA document as being substantial enough to drive the momentum required such that sub-groups would prosper, and we'd see our efforts to date wither.

I think to attract industry support and new member participation, a dedicated tc for Public Sector Cloud is required, and propose we continue with the launch of this group.

Not a major point, but I'd also propose we change the name, to make it clear what we're doing, ie something literally like Public Sector Cloud.

Kind regards, Neil.

> Chet
>
> Thanks for raising this very significant opportunity which I think is
> one we should grasp. I'm widening the discussion on this as it
> overlaps considerably with our proposed PACR TC and our planning for
> the ICS 2012 event.
>
> From my reading and interpretation of the ODCA document I see that
> setting the high-level generic requirement for Cloud Compliance by all
> business sectors and the proposed PACR is the Government profile. To
> that end we do not need two separate TCs, one is a subset of the
> other. It may be a very large task for a single TC to handle all this
> but avoiding duplication is a must, and providing a consistent and
> complementary set of compliance requirements for different business
> sectors should encourage the development of testing and accreditation
> services by the private sector.
>
> I would suggest the way forward is as follows:
>
> - we close the PACR Discussion List as this now supersedes those
>   discussions;
> - we look to draft a Charter for a new TC having the objective of
>   formalising the ODCA spec for all business sectors and initially
>   producing a Government profile with other business sector profiles to
>   follow;
> - we consider which part of OASIS is best for this TC to affiliate to,
>   it may or may not be the eGov MS;
> - we look for the appropriate person to act as convenor to take this
>   forward, that may or may not be me;
> - the ICS 2012 planning committee consider inviting the ODCA to
>   co-sponsor that event and adjust the whole programme to this alliance.
>
> We need a fairly quick decision on this before we get too much further
> down the PACR route, so who is going to make that call?
>
> Regards
> John
>
>
> -----Original Message-----
> From: public-sector-cloud-discuss@lists.oasis-open.org
> [mailto:public-sector-cloud-discuss@lists.oasis-open.org] On Behalf Of
> Neil McEvoy
> Sent: 30 June 2012 09:49
> To: Peter F Brown
> Cc: Chet Ensign; egov-ms@lists.oasis-open.org; Carol Geyer;
> public-sector-cloud-discuss@lists.oasis-open.org
> Subject: Re: [public-sector-cloud-discuss] RE: [egov-ms] Possible
> topic for a new Technical Committee
>
>
> Hi Peter
>
> I would say it sets the high level scene, in a very nice, polished
> manner that's very helpful to our momentum, and is complementary in
> that you then need to dive down to the detail level for the unique
> requirements of different industries, like public sector as we are doing.
>
> As we have been discussing I believe this is the right approach as the
> public sector will ultimately want to reference a set of
> standards defined uniquely for them, but it's likely that the bulk of
> these will be a common core, which can then be finalized and tailored
> with a remaining section of those points unique to the sector. This
> could be repeated for finance et al as they will likely want the same.
>
> This would work well, because while the document lists hundreds of
> different compliance requirements, it's likely most call for the same
> core mechanisms, and it also defines this common core based on the
> NIST Cloud definitions.
>
> Folks like the Cloud Security Alliance have documented in detail how
> to secure Cloud environments in line with these models, and so all the
> material is to hand to complete these tailored industry standards
> packages.
>
> Regards Neil.
>
>
>
>> Interesting - it is either a set-complement to the proposed PACR TC;
>> or challenges us to justify whether PACR should only look at public
>> sector requirements or not.
>> If they are two distinct committees, there could be many advantages -
>> each concentrating on what is distinctly its own domain; the issue
>> comes with how to deal with requirements which are valid for both
>> public and private sector customers without there being contradictions.
>> Or is PACR a 'sub set' of the problems raised here....
>>
>> I don't know the answers but the questions will keep coming I fear...
>>
>> Peter
>>
>> From: egov-ms@lists.oasis-open.org
>> [mailto:egov-ms@lists.oasis-open.org]
>> On Behalf Of Chet Ensign
>> Sent: Friday, 29 June, 2012 15:07
>> To: egov-ms@lists.oasis-open.org
>> Cc: Carol Geyer
>> Subject: [egov-ms] Possible topic for a new Technical Committee
>>
>> Members of the eGov Steering Committee,
>>
>> The Open Data Center Alliance recently produced the attached customer
>> requirement overview. The goal of this document is to encourage and
>> support the development of an open standard framework addressing
>> regulatory compliance needs for cloud computing. (This is one of
>> eight usage models that can be found on the Alliance's web site at
>> http://www.opendatacenteralliance.org/ourwork/usagemodels).
>>
>> The ODCA produces customer requirements and then collaborates with
>> SDOs like OASIS to produce standards that address them. In this
>> case, they have identified the need for standard approaches to
>> understanding and navigating regulatory compliance and governance
>> obligations both for cloud customers and cloud providers as something
>> that must be addressed if cloud computing is to become broadly
>> adopted. If we were to start a TC in this area, the ODCA would
>> contribute in-depth customer requirements as an input to the work.
>>
>> The attached document spells out the high level requirements they
>> have identified. I believe OASIS has the experts and the track record
>> to tackle this problem effectively.
>>
>> I'm sharing this with you for two reasons: 1. To see whether you
>> agree that this is a real issue that needs to be addressed and 2. if
>> so, to see if you have any interest (or know others who might have an
>> interest) in talking about how to approach turning this into a
>> Technical Committee.
>>
>> What do you think? Worth discussing?
>>
>> Thanks & best regards,
>>
>> /chet
>> ----------------
>> Chet Ensign
>> Director of Standards Development and TC Administration
>> OASIS: Advancing open standards for the information society
>> http://www.oasis-open.org
>>
>> Primary: +1 973-996-2298
>> Mobile: +1 201-341-1393
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> egov-ms-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail:
>> egov-ms-help@lists.oasis-open.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> public-sector-cloud-discuss-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail:
>> public-sector-cloud-discuss-help@lists.oasis-open.org
>
>
> --
> Neil McEvoy
> Founder and President
> Level 5 Consulting Group
> http://L5consulting.net

--
Neil McEvoy
Founder and President
Level 5 Consulting Group
http://L5consulting.net