Cloud Computing Code of Practice

Our Cloud Computing Code of Practice is designed to ensure that customers receive the highest standards of security, reliability, and compliance. This code of practice addresses key areas of concern and provides peace of mind that our cloud services meet stringent requirements, even as we navigate the terms imposed by various infrastructure service providers.

1. Security and Privacy

1.1 Data Protection

  • Encryption: All data, both in transit and at rest, is encrypted using industry-standard encryption protocols.

  • Access Control: Strict access control mechanisms are implemented, including multi-factor authentication (MFA) and role-based access control (RBAC) to ensure that only authorized personnel have access to sensitive data.

1.2 Incident Response

  • 24/7 Monitoring: Continuous monitoring for security incidents with a dedicated security operations center (SOC) to respond immediately.

  • Incident Reporting: A clear and prompt incident reporting process is in place, ensuring that any security breaches are communicated to the relevant authorities within the required timeframes.

1.3 Compliance

  • Regulatory Compliance: Adherence to all relevant regulations and standards, including Government Cloud and NZISM requirements.

  • Regular Audits: Regular independent security audits and assessments to ensure ongoing compliance and security posture.

2. Reliability and Availability

2.1 High Availability

  • Redundant Infrastructure: Implementation of redundant systems and data centers to ensure high availability and minimal downtime.

  • Disaster Recovery: Comprehensive disaster recovery plans that include regular backups and failover procedures to ensure data integrity and availability in case of a disaster.

2.2 Performance Monitoring

  • Continuous Monitoring: Real-time performance monitoring to ensure optimal system performance and quick resolution of any issues.

  • Service Level Agreements (SLAs): Clearly defined SLAs guaranteeing uptime and performance standards, with financial penalties for non-compliance.

3. Data Management

3.1 Data Sovereignty

  • Flexible Infrastructure: Ability to switch between different infrastructure service providers to ensure compliance with data sovereignty requirements.

  • Data Residency: Ensuring that data residency requirements are met, with data stored and processed in accordance with local policies.

3.2 Data Lifecycle Management

  • Retention Policies: Implementation of data retention policies that comply with regulations for data archiving and disposal.

  • Data Portability: Providing tools and services to ensure data portability, allowing customers to easily transfer data if needed.

4. Transparency and Accountability

4.1 Clear Communication

  • Regular Reporting: Regular reports on system performance, security incidents, and compliance status.

  • Transparency: Open communication channels for discussing any concerns or requirements customers may have.

4.2 Accountability

  • Dedicated Account Managers: Assigning dedicated account managers to customers to ensure personalized service and accountability.

  • Continuous Improvement: Commitment to continuous improvement based on feedback and evolving best practices in cloud computing.

5. Ethical Practices

5.1 Ethical Use of Technology

  • Responsible AI: Ensuring that any AI and machine learning technologies used comply with ethical standards and do not perpetuate biases.

  • Sustainable Practices: Commitment to environmentally sustainable practices, including the use of energy-efficient data centers and reducing carbon footprints.

By adhering to this Cloud Computing Code of Practice, we provide customers with the assurance that our cloud services are secure, reliable, and compliant with the highest standards. This commitment ensures that data is handled with the utmost care and professionalism, and we maintain the flexibility to switch infrastructure providers to meet data protection requirements.