ICT-as-a-service risk assessment guideline Guideline | February 2014–current CurrentNon-mandated This document provides guidance to support an agency in making informed and evidence-based decisions to either transition an ICT workload (system/application/data) to an as-a-service model (cloud, managed service) or to deliver via an in-house traditional approach.