Cloud strategy
Designed to align with and comply with existing national best practice (National Cyber Security Centre Cloud Security Principles), the Public Cloud and Co-Location Infrastructure Platforms Policy will help you understand the risks and the relevant controls to mitigate these.
Does this apply to me?
This policy applies to anyone involved in the governance, commissioning, design, development or delivery of NHS Digital services
What is it?
- It provides guidance and clarification on the controls that must be implemented to provide a secure approach to providing access and transfer capabilities between the NHS private network environment and public cloud platforms.
- It defines our risk appetite (in line with the Data Risk Assessment guidance) and the constraints that you should apply when using public cloud for hosting services and applications. It will help you understand the necessary constraints and the expectations programmes and functions will have to provide for cloud services once their data classification is identified.
What does the Public Cloud and Co-location Infrastructure Platforms Policy cover?
- Regulatory requirements
- Data Risk Assessment classifications
- Minimum documentation standards and principles
- Approval flow for cloud services
- Governance
- Selecting and working with the appropriate cloud
- Guidance on migrating existing/legacy services to Public Cloud
- Guidance on developing NEW services in Public Cloud
Is it known by another name
Yes. You may also have heard this policy called the Public Cloud First Policy, the Cloud Hosting Policy or Public Cloud Access from NHS Private Network. They are all the same thing.