Introduction

This policy specifies the policy requirements that apply to cloud adoption and use in the Australian Public Service (APS).

This policy has been developed to empower government entities to transition from legacy systems to secure and scalable cloud solutions and actively encourages agencies to:

  1. Accelerate cloud adoption to modernise ICT infrastructure.
  2. Embed AI-readiness across cloud platforms to support innovation and service delivery.
  3. Mitigate risks associated with legacy systems and ensure resilience and security.
  4. Ensure responsible and secure cloud use, including data security, privacy and environmental sustainability.

Policy Aim

This policy aims to drive cloud uptake across government, leveraging the advantages offered by cloud technologies to enhance service delivery and security, promote innovation and enable artificial intelligence (AI) in government.

It also seeks to address challenges posed by migration from legacy technologies while maintaining compliance, promoting security and uplifting skills.

This policy will be progressively updated to accelerate cloud adoption, informed by implementation progress and strategic directions.

Applicability

This policy applies to all digital and ICT investments made by non-corporate Commonwealth entities. Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT Investment Oversight Framework (IOF). Corporate Commonwealth entities can choose to apply the policy.

The policy applies to all models of cloud adoption, including public, private and hybrid cloud models. It should be considered at all stages of cloud adoption including:

  • cloud procurement
  • transitions to cloud
  • data migration
  • solutions involving cloud
  • moving away from a cloud product.

This policy encourages accelerated cloud adoption. This may include multi-cloud and hybrid cloud solutions. Entities should assess potential solutions against their requirements and use cases.

Entities also must ensure cloud adoption practices are secure, aligning with the Department of Home Affairs’ policy requirements provided through the Protective Security Policy Framework.

National Security Applicability

This policy does not apply to the ‘national intelligence community’ (NIC) as defined by Section 4 of the Office of National Intelligence Act 2018.

Cloud Definition

The OECD (Organisation for Economic Co-operation and Development) defines cloud computing in its digital economy frameworks as a model for enabling on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released.

Links and resources

OECD (2014), Recommendation of the Council on Digital Government Strategies, OECD Publishing, Paris.
OECD. (2014). OECD Digital Economy Outlook 2015. OECD Publishing.

Next page

Policy requirements

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession