View Only


  • 1.  Cloud Security Governance Framework

    Posted 25-08-2022 01:21 PM

    Hi Digital Practitioners,

    Have your organisation moved into cloud? And if so have you implemented a cloud security governance framework that aligns with your organisations policies?

    I would like to learn from your experience in developing the cloud security governance framework. In addition, I would also like to understand how you have implemented the Governance, Risk and Compliance management in the cloud.

    Like to hear your views from security and architecture point of view, it will be great if you can share any materials, links or provide a POC.

    Kavi Somar
    IT Security Specialist

    Kavithasan Somar
    IT Security Specialist

  • 2.  RE: Cloud Security Governance Framework

    Posted 26-08-2022 08:55 AM
    I work in the Administrative Appeals Tribunal and I am certainly interested in understanding the answer to that question as well.

    Iain Garrett-Benson
    Technology Governance Lead
    Administrative Appeals Tribunal

  • 3.  RE: Cloud Security Governance Framework

    Posted 28-09-2022 03:31 PM
    Thanks Kavi - I sent you a reply privately, I help that helped.

    Dale Todling
    Project Support and Engagement Officer
    Digital Transformation Agency

  • 4.  RE: Cloud Security Governance Framework

    Posted 26-10-2022 11:58 AM

    Hi Kavi, 

    HA has implemented CSP better practice guidance.
    For example: AWS now has E8/ISM conformance as a template which enforces rules across the whole AWS Org Units, and therefore every account etc. 
    Navigating ISM and Essential Eight compliance with AWS Config for Australian government agencies | AWS Public Sector Blog (
    I would lean on your sourcing and vendor mgmt team to see if you can through your contract with a CSP (likely a WofG agreement) to get assistance from the CSP themselves. 

    Ben Hall
    Assistant Director
    Department of Home Affairs