Difference between revisions of "Cloud FAQ"
| Line 5: | Line 5: | ||
<span style="font-family: Century Gothic; font-size: 28pt;"><font color=#9F000F;>Frequently Asked Questions</font><span> | <span style="font-family: Century Gothic; font-size: 28pt;"><font color=#9F000F;>Frequently Asked Questions</font><span> | ||
| − | <br | + | <br> |
<big> | <big> | ||
| − | + | == How can we help you? == | |
| + | <br> | ||
| + | <big>Browse our Frequently Asked Questions | ||
| + | </big><br> | ||
| + | === Top questions === | ||
| + | <big><big><br> | ||
| + | '''Where can I submit a Cloud service request? | ||
| + | ''' | ||
| + | <br> | ||
| + | - All cloud service requests should be submitted through the GC Cloud Broker, no matter the procurement authority. | ||
| + | <br>- All cloud services should be entered into an Application Portfolio Management (APM). | ||
| + | <br></br> | ||
| + | '''How do I buy PB cloud? | ||
| + | |||
| + | ''' | ||
| + | <br> | ||
| + | '''What do I do if my request is not being actioned?''' | ||
| + | </br><br> | ||
| + | '''Do I need SCED before using PB cloud? | ||
| + | ''' | ||
| + | </br><br> | ||
| + | '''Do all Cloud SaaS requests require GCEARB approval? | ||
| + | '''<br> | ||
| + | The short answer is No. The criteria for what goes to EARB is found in requirement 4.1.1.2 | ||
| + | |||
| + | https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 | ||
| + | </br><br> | ||
| + | '''Do Cloud services have to be procured using the SSC vehicle?''' | ||
| + | <br>As per the Directive on Service and Digital, Departments can perform a self-assessment without TBS supervision of your work. To find more about how to perform your self-assessment visit our Procurement section. | ||
| + | </br><br> | ||
| + | '''What are Departments budgetary limits for cloud solutions?''' | ||
| + | <br>Departments have procurement authorities up to a given limit and for given commodity groupings. Contact your procurement officers for clarification on your department's limits. | ||
| + | The Contracting Policy annexes provide a list of who can exclusively buy what or to which limit. Although it doesn’t refer to cloud directly. It simply talks about services. Departments can procure services unless otherwise specified in the policy's annexes. | ||
| + | |||
| + | https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=14494 | ||
| + | </br><br> | ||
| + | '''Where to procure cloud services? | ||
| + | '''<br> | ||
| + | Departments can buy the service from SSC if it is available through their brokerage. SSC has providers who have already undergone all security vetting and service terms that have been negotiated. This saves departments time and risk assessment. SSC has gone out and captured the hyperscale market with their framework agreement. While this market does not have a lot of players in it, it will represent the bulk of the GC's data holdings. SSC and their security partners spent a lot of time with these providers. | ||
| + | </br><br> | ||
| + | '''What happens if I don’t select an SSC provider? | ||
| + | ''' | ||
| + | Should you choose to go with another provider you will need to navigate risk decisions which can be typically slow in GC hierarchies, especially with PB data. | ||
| + | We also recognize that there is a long tail of cloud providers that will hold smaller and less sensitive data sets. These can be big cloud companies, but are often more focused on the consumer market than the enterprise market. They often may not hold that same security accreditation as the hyperscales. This is not the market SSC has captured. Some of these providers may, eventually, end up on the SSC framework agreement, but are not there today. To procure these services, you will need departmental authorities or work with PSPC if your department does not have sufficient authorities. | ||
| + | You must security assess these services. No matter where you buy, departments are ultimately responsible for assessment and risk assessment. When you buy through the SSC Framework Agreement, a portion of the security controls have been assessed by SSC and their security partners, thus accelerating your security assessment. | ||
| + | </big></big> | ||
| + | If you cannot find your topic or have a question that wasn’t answered, please send us an [[ZZCIOBDP@tbs-sct.gc.ca|email]] to reach our team.</big></big> | ||
<big> | <big> | ||
<big> | <big> | ||
Revision as of 02:04, 27 January 2020
Frequently Asked Questions
How can we help you?[edit | edit source]
Browse our Frequently Asked Questions
Top questions[edit | edit source]
Where can I submit a Cloud service request?
- All cloud service requests should be submitted through the GC Cloud Broker, no matter the procurement authority.
- All cloud services should be entered into an Application Portfolio Management (APM).
How do I buy PB cloud?
What do I do if my request is not being actioned?
Do I need SCED before using PB cloud?
Do all Cloud SaaS requests require GCEARB approval?
The short answer is No. The criteria for what goes to EARB is found in requirement 4.1.1.2
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601
Do Cloud services have to be procured using the SSC vehicle?
As per the Directive on Service and Digital, Departments can perform a self-assessment without TBS supervision of your work. To find more about how to perform your self-assessment visit our Procurement section.
What are Departments budgetary limits for cloud solutions?
Departments have procurement authorities up to a given limit and for given commodity groupings. Contact your procurement officers for clarification on your department's limits.
The Contracting Policy annexes provide a list of who can exclusively buy what or to which limit. Although it doesn’t refer to cloud directly. It simply talks about services. Departments can procure services unless otherwise specified in the policy's annexes.
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=14494
Where to procure cloud services?
Departments can buy the service from SSC if it is available through their brokerage. SSC has providers who have already undergone all security vetting and service terms that have been negotiated. This saves departments time and risk assessment. SSC has gone out and captured the hyperscale market with their framework agreement. While this market does not have a lot of players in it, it will represent the bulk of the GC's data holdings. SSC and their security partners spent a lot of time with these providers.
What happens if I don’t select an SSC provider?
Should you choose to go with another provider you will need to navigate risk decisions which can be typically slow in GC hierarchies, especially with PB data.
We also recognize that there is a long tail of cloud providers that will hold smaller and less sensitive data sets. These can be big cloud companies, but are often more focused on the consumer market than the enterprise market. They often may not hold that same security accreditation as the hyperscales. This is not the market SSC has captured. Some of these providers may, eventually, end up on the SSC framework agreement, but are not there today. To procure these services, you will need departmental authorities or work with PSPC if your department does not have sufficient authorities.
You must security assess these services. No matter where you buy, departments are ultimately responsible for assessment and risk assessment. When you buy through the SSC Framework Agreement, a portion of the security controls have been assessed by SSC and their security partners, thus accelerating your security assessment.
If you cannot find your topic or have a question that wasn’t answered, please send us an email to reach our team.
Learn more[edit | edit source]
- Read about cloud, from news to the most influential blogs.
- Learn about other Department implementations.
- Find events in your area and training for your team.
|
