Governance, security and controls

The cloud introduces new security models and challenges.  As data and systems are moved out of the “walled garden” of a corporate datacentre, a more holistic approach to controls and governance is required. Implementation of effective security can seem daunting. The Cloud Centre of Excellence (CCoE)’s role is to support and guide cloud adopters to build their systems to be secure and compliant. 

Successful cloud adoption relies on the inputs of a broad range of stakeholders to maintain executive oversight over security, compliance, finance, risk, and service delivery aspects of IT delivery.

Governance of the cloud platforms and their use is managed by the NHS Digital Technical Review Group (TRG). TRG provides technical governance by ensuring that all developments and activities align to published policies, principles, patterns, and standards. It has delegated responsibilities for applying the policies set by the Architecture Board, Applications and Infrastructure Design Authority, Cyber Design Authority, and Data Design Authority.

The entry point for cloud governance is via the Cloud Hosting Request (CHR) form, which is required to apply for a new cloud subscription account.  TRG evaluates the hosting request alongside other key design artefacts (Solution Design Overview, Key Architecture Decision, COTS request) and determines the appropriate governance route to live.

Contact us by emailing [email protected].