Cloud Assessment Tool (CAT)
The DTA is releasing a new tool to help agencies understand their compliance obligations when moving to the cloud. The Cloud Assessment Tool, or CAT, helps agencies know what they need to consider when they’re thinking about using a cloud service.
The tool helps teams to tackle the questions that we get asked the most. We get asked about:
- data classification
- procurement of cloud services
We’ve also included questions that aren’t about compliance, but which could help guide agencies towards good solutions. These cover things like whether the service:
- has transparent pricing
- is elastic and automatable
- allows agencies to pay only for what they use
When DTA ran user research for the Secure Cloud Strategy, agencies told us they struggled to understand their compliance obligations. This was raised as an obstacle to their adoption of cloud, so we included it in the Strategy.
We did a lot of user research to understand the problem, including one-on-one sessions with compliance experts. After a lot of prototyping and iterating, the evidence suggested that an assessment tool would be the most effective solution.
We would really like to thank our workshop participants for all their work and help over the last few months. Their input, feedback and advice has been invaluable, and we appreciate their time and effort.
How to use the CAT
The CAT isn’t intended to provide an authoritative answer about whether to use a cloud service. The questions in the tool are meant to spark a discussion with stakeholders, owners of risk, and decision-makers within an agency. The journey of answering the questions is just as important as the final result.
When you complete the questionnaire, the CAT will give you a report that you can take to your executives or decision-makers. It will give you a traffic light style overview of risks that have been addressed, or questions that might need more investigation. And because you can export and save your reports, you’re able to compare earlier assessments with more recent ones.
How we built it
We developed the CAT using the Australian Government Design System, which helped us easily create a service that’s consistent with other government websites, and which is accessible by default.
To deploy the CAT, we used cloud.gov.au. This platform abstracted away a lot of the complexities of delivering a modern cloud-based service, including HTTPS by default, zero-downtime deployments, and continuous delivery pipelines.