ICT-as-a-service risk assessment guideline

Document:: ICT-as-a-service risk assessment guideline (PDF, 905.1 KB)
Document type:: Guideline
Version:: Final v1.0.2
Status:: CurrentNon-mandated
Effective:: February 2014–current
Security classification:: OFFICIAL-Public
Category:: Digital capability

This document provides guidance to support an agency in making informed and evidence-based decisions to either transition an ICT workload (system/application/data) to an as-a-service model (cloud, managed service) or to deliver via an in-house traditional approach.

Last updated:: 7 December 2022

QGEA directions and guidance

ICT-as-a-service risk assessment guideline

Cultural acknowledgement