OASIS Public Administration Cloud Requirements (PACR) TC Frequently Asked Questions

  1. What is the rationale behind this standardization effort? What is the motivation of the sponsors/authors?

    Governments are increasingly evaluating the use of, and converting many of their information and communication technology ("ICT") systems to cloud and other remote distributed computing services and installations. The nature of these relatively novel systems requires some re-examination of the public policy and government responsibility requirements generally applied to ICT functions on which public administrations rely. Some work has been done in creating typologies of cloud computing service function levels, and towards models of services; and several recently-formed coalitions have proposed requirements lists at one or another level of cloud activity, some of which are beginning to form a web of partially overlapping and disjointed mass of specifications and candidate standards. However, there is little help available to governments to integrate those lists into common, readilyunderstood rules that inform procurement, auditable assurance and conformance testing and acquisition criteria; and little or no openly available, vendor-neutral information mapping of such requirements to the rather large but looselyorganized body of existing ICT standards.

  2. What is the scope of this effort?

    The committee will develop a set of common required functional elements, and measurable criteria or qualities that should be present in cloud computing services or installations employed by public administration entities, whether purchased, hired or self-created and self-installed. In this context, "should be present" refers to aspects of a cloud service or installation that are likely to be necessary to reflect public sector risk profiles in order to satisfy the public policy aspects, governmental reliability and stability requirements, responsibility to citizens and constituent stakeholders, and broad, platform-neutral accessibility that generally are expected and desirable from useful, long-term government ICT resources. In essence the work will form a ‘profile’ of government requirements, drawn from and informed by existing works.

  3. Are there existing comparable or overlapping standards, or comparable standardization efforts currently under way (inside or outside OASIS)?

    The proposers of the TC are unaware of any currently published work that covers the entire scope of their work. Some elements of the PACR project may be informed by or related to a variety of other Cloud-related work being conducted within OASIS and other SDOs, Government bodies and NGOs.

  4. Is the product of this technical committee intended to be used in conjunction with other standards or complementary technologies?

    The TC's deliverables will not recommend or require the use of specific tools, products, technologies, software systems or branded commercial or non-commercial services. However, the TC may demonstrate implementation by publishing ‘profiles of the PACR profile’ based on specific protocols, and may identify which tools are used in connection therewith where needed to permit replication of results.

  5. Can you give some example of concrete applications that will benefit from standardizing the specifications from this TC?

    The work of the TC covers the whole domain of how Governments deliver their services to the citizen and business communities using Cloud-based technologies. To that end all applications involved in on-line service delivery and point-of-contact service delivery will potentially benefit from this new approach.

  6. Is it anticipated that TC deliverables will be broadly used, deployed, and/or implemented? Or are the deliverables intended for a narrow audience, possibly including only the TC membership?

    The TC deliverables will be for use by all Governments and public sector organisations across the globe.

  7. Do you see external factors that should help a broad acceptance and deployment of the specifications from this TC?

    The adoption of Cloud-based services is being actively encouraged by many influential bodies, e.g., the European Commission, and US NIST. The deliverables from this TC should therefore go a long way towards meeting the objectives of those organisations.

  8. Regarding the adoption of this specification(s) by a vendor for its products: is this a decision that vendor companies can make individually, or are the interoperability aspects important enough to require industry-wide, coordinated adoption?

    The deliverables from this TC will set out the basic requirements of public sector organisations for Cloud-based services and to that end will have an impact on all vendors who provide such services to Governments and therefore will require industry-wide adoption.

  9. Have the authors and their companies considered further ways to promote the produced specification(s) after completion (PR, marketing, campaigns, industry consortia....)?

    We will be looking to work with global institutions, e.g., European Commission, US NIST, to assist with promoting the PACR deliverables through the directives and guidance they issue to their member communities.

  10. Who should participate in this TC and what are the benefits of being involved?

    Participants should include a wide range of stakeholders involved in the delivery of Cloud-based services by public sector organisations including:

    • Government units and other entities responsible for data and computing resources employed in public administration, particularly those who have migrated or are evaluating migrating to cloud computing architectures.
    • Market participants, who consume, rely on and transact with those resources.
    • Regulators and policymakers with an interest in the procurement, control, interoperability, auditability, certification and accreditation of cloud resources.
    • Providers of cloud computing services, devices and advisory assistance who support the evaluation, initialization, migration, maintenance and monitoring of cloud computing services and installations.
    • Data integrators for the products and services used by the foregoing.
    • Providers of certification and accreditation services.

    All of these will benefit from the production of an agreed, unambiguous list of requirements which can be used in the procurement, auditable assurance and conformance testing of Cloud-based services delivered by public sector organisations.