Department of Information and Communications Technology

the Draft Government Cloud Policy

The amended PNG Government Cloud Policy (v2.7) includes several new inclusions aimed at providing better guidance to public bodies on cloud deployment models and data security measures.

One major change is the recommended structure change for the Definitions and Cloud Deployment Models section, which now includes Hybrid Cloud, Public Cloud, On Premises Infrastructure, Decision Making on Deployment Models, and Cloud Transition Considerations. Another change was the inclusion of the stage approach on the Implementation of the Cloud.

The policy also provides new guidance on decision making for deployment models based on the type of data, with Cloud as the default model for Public/Open Data and normal business workloads, and On Premises Data center as the default model for Top Secret Data. It also includes provisions for the use of Public Cloud for Confidential (Highly Sensitive) Data subject to a risk assessment and DICT review.

In terms of data security, the policy emphasizes the need for data classification and sensitivity assessments to ensure appropriate security controls. Access control measures such as strong authentication, appropriate authorization processes, and limited access rights based on user roles and responsibilities are also emphasized. Public bodies are also required to monitor user activities and ensure data encryption during transit and at rest within the government cloud and VPCs.

Overall, the new inclusions in the latest draft PNG Government Cloud Policy aims to provide clearer guidance and stronger security measures for public bodies utilizing cloud services.


Contact Information

Dept of Information & Communication Technology
PO Box 784
Vision City, National Capital District, PNG
Phone: +675 3250171
Location: Islander Drive, Waigani Drive, NCD

Connect with Us

© 2023 Department of Information & Communications Technology I All Rights Reserved.