[LINK] .nsw.gov.au and privacy
Michael
mskeggs at gmail.com
Thu Mar 5 15:05:44 AEDT 2020
On Wed, 4 Mar 2020 at 15:56, David <dlochrin at aussiebb.com.au> wrote:
> On 2020-03-04 15:10, Scott Howard wrote:
> >
> > In fact, a quick Google search seems to imply that they [have been
> approved as a platform by the Australian Signals Directorate (ASD) for over
> 3.5 years -
> https://www.computerworld.com/article/3459598/salesforce-joins-government-s-secure-cloud-services-list.html
>
> I should say I wasn't aware that ASD was conducting these assessments.
> But I think ASD are assessing "cloud" data storage services. In this case
> that certainly doesn't include the Salesforce.com entire operation, and the
> fact I was invited to change my "Salesforce account" password indicates
> whatever they're doing for Service NSW extends beyond data storage.
>
>
>
Ironically, the ASD just announced they were stopping these cloud
assessments, relying on individual agencies to conduct their own in future.
For the record, the IRAP assessment is very thorough, and does indeed cover
the Salesforce.com whole operation, or at least the elements in use to
deliver services to Service NSW.
In my day job I have cause to know more about NSW government software
procurement contracts than is healthy, and you might be reassured if you
read Clause 9 of their standard contract:
https://www.procurepoint.nsw.gov.au/system/files/documents/procure_it_v.3.2_head_agreement_.pdf
I would be very surprised if this wasn't the basis for the Service NSW
agreement.
Note also, Salesforce supplies the main case management database for FACS
in NSW, which obviously contains highly sensitive information.
Best regards,
Michael Skeggs
More information about the Link
mailing list