Publication - Advice and guidance

Cloud Preparation Plan

Published: 30 Jun 2020

A cloud adoption preparation guide for public sector organisations.

Identify your data

In this step, you should work with colleagues from all business units to identify your organisation's data, classify it and consider its usefulness to other public sector organisations. Your organisation may already have a record of this information, particularly if you have an internal function dedicated to data governance and protection.

Why it's important to identify your data

Data lays at the heart of all public sector services. It is important to identify your data to enable you to:

  • share your data
  • protect your data.

Share your data

Open Data Strategy: the government's Open Data Strategy encourages public sector organisatiosn to 'recognise the value of data and responsibly makes use of data to improve public services and deliver wider societal and economic benefits for all'.

Open data is non-personal and non-commercially sensitive. Open data is easily discoverable, accessible to anyone and able to be freely used, re-used and redistributed by anyone. Open Data is data made available, via the internet, in an electronic format which supports its ready re-use, and with open licensing which allows its reuse.

The strategy is based on the following principles:

Principle

Description

Open data by default Those holding public data should make it open and available for others to re-use. Those collecting new data should ensure that the opening up of the data for re-use is built in to the process so that Open Data becomes part of the business process.
Quality and Quantity The amount of public data we own is huge but the quality of that data will vary. Published data will be supported by metadata so that consumers of the data understand it and are aware of any limitations within it. We will seek to release data in a timely and frequent manner.
Useable by all Data should be published in a manner which supports both easy discovery and easy re-use of the data. This includes ensuring that the format it is published in supports re-use and that it is accompanied by an open licence. Data will be made available free, with defined exceptions.
Releasing data for improved governance We will release data which supports delivery of better public services. We will use our data to improve the services and policies we deliver. We will seek through the release of data to better inform and engage with citizens.
Releasing data for improved innovation We will encourage and empower others to make use of the data we release to develop new products and services, for noncommercial and commercial use, which will create wider economic and societal benefits. We will encourage use of the data in education to increase awareness and participation and inspire a new generation of data users.

Consider how the use of cloud technologies can help your organisation to align with this strategy to unlock the potential of your data.

Open Data Strategy

Digital Strategy: a core focus of the Scottish Government's digital strategy is the cross-government integration of services to provide more convenient and functional public services.

Consider how the use of cloud services can support your organisation to meet this objective.

Two areas to focus on are:

  • Cloud adoption drives change: adopting cloud services requires your organisation to embark on a journey that disrupts your existing processes and approaches to delivering services. Times of change are an opportunity to do things differently and begin new initiatives
  • Cloud adoption provides new capabilities: public clouds provide a vast array of advanced technologies that you can consume on demand, with minimal investment or setup, and little to no on-going maintenance overhead. Consider how using such services might enable your organisation to unlock new opportunities to share your data and integrate your services (using APIs, for example) with other public sector organisations.

Digital Strategy

Protect your data

Using public cloud services means storing, processing and accessing data in new ways. This includes:

  • outside your organisation with a third-party provider
  • using different storage systems
  • processing and manipulating data with new services
  • accessing data using new methods (APIs, etc.)
  • different risk profile and threats
  • mitigating risks with new security controls and methodologies.

Adopting public cloud services can cause all of these changes, which is why the disruptive nature of a cloud adoption programme is often highlighted. It's important that you acknowledge and prepare for this disruption upfront, as it will enable you to plan and manage the changes to how you assess risk - and protect your data and services - later in your journey.

Why assess your data now?

Understanding your data and your obligation to protect and share it is vitally important to developing your approach to using cloud services. It has a profound impact on how and where you can store and process data, and the types of cloud services you can use.

By identifying and understanding your data now, you bring a renewed focus to data's role in services and ensure it remains at the forefront of your thinking. This is particularly important with service design, security and regulatory requirements. What's more, cloud adoption can also act as a powerful catalyst for sharing data, as it opens up new capabilities and lowers the barrier of entry to more ambitious initiatives.

Actions

The focus of this stage of the plan is to identify and record your organisation's data.

Step 1 – Identify and record your data

Identifying data across different functional units within an organisation can be challenging. You will need to work cross-functionally with colleagues in other areas of the business to discover and record repositories of data.

If you have one, your internal information governance team may be able to assist with the process. Although, it is unlikely they will be able to provide a complete picture alone, due to the impact of shadow IT on effective governance.

[i] You must work across functional units within your organisation to discover, record and categorise your data. It is everyone’s responsibility to handle data responsibly, and everyone must participate.

You can use the template below to record your data. Alternatively, your information governance or data protection team may already have an information asset register. Regardless of the method you use to discover and record your repositories of data, at a minimum you should capture:

  • associated applications or services
  • data owners
  • data controllers and processers.

Use the Data template (XLSX 9.8kb) to record this information

Step 2 – Understand and classify your data

Once you have discovered and recorded your data, you need to categorise or classify the data. The categorisation or classification of data is important because it simplifies the process of tracking and understanding data for your organisation. Simple but effective data classification allows your organisation to discuss data, build policies and implement security controls around it in a way everyone can understand and comply with.

You should work with your internal data protection team to understand your scheme and the methods by which you should assess and classify data.

Organisations who do not have internal data protection capabilities must seek help and guidance from authoritative organisations when assessing their data and preparing for cloud adoption.

Step 3 – Consider the value of your data

After building a picture of your data and understanding its characteristics, you should consider the value of the data in meeting Scotland's vision for a data sharing and re-use. Consider questions like:

  • would sharing this data lead to economic or societal benefits?
  • have other organisations requested access to this data?
  • if other organisations already access this data, can we improve its quality, usefulness or availability?
  • are their opportunities to integrated the data across government to provide better public services?

Consider the data you discovered in Step 1 in the context of these questions, and determine whether you need to include additional objectives around data in your motivations and desired outcomes within your cloud strategy.

For more information, refer to the Open Data Strategy.

Additional reading

ICO - identifying data processors and controllers


Contact

Email: Cloud1st@gov.scot

Telephone: 0300 244 4000

Post:

Cloud First
Digital Transformation Division
Area 1H South
Victoria Quay
Edinburgh
EH6 6QQ