The Department of Information and Communications Technology (DICT) said it recently amended its “Cloud First Policy” to provide clearer instructions on policy coverage, data classification, and data security, as well as its policy on sovereignty, residency, and ownership.
The government’s Cloud First Policy promotes cloud computing as the preferred technology for government administration and the delivery of government services.
“Shifting to cloud computing is expected to foster flexibility, security, and cost-efficiency among users. Cloud computing also offers key advantages such as access to global systems of solutions, innovations, and services, as well as up-to-date cybersecurity,” the DICT said.
The recent amendments clarify which institutions shall be covered by the policy and which institutions shall only be encouraged to adopt it. This distinction was absent in the former version.
As amended, the Cloud First Policy covers all departments, bureaus, offices, and agencies of the executive branch, government owned and/or controlled corporations (GOCCs), state universities and colleges (SUCs), local government units (LGUs), and all cloud service providers and private entities rendering services to the government.
Meanwhile, Congress, the judiciary, the independent constitutional commissions, and the Office of the Ombudsman are encouraged to adopt the Cloud First Policy.
The amendments also clarify the government’s policy on data sovereignty, a concept that was confused with the concept of data residency in the previous version. In the latest version of the policy, the application of Philippine laws over its foreign counterparts is asserted over data owned or processed by the Philippine government or any entity that has links to the Philippines.
Additional provisions on ICT capacity building and development of essential skills to meet international and local standards are also included.
Data classifications are updated to include the following: highly sensitive government data; above-sensitive government data; sensitive government data; and non-sensitive government data.
The new classifications also provide a more consistent structure to guide the application of safety protocols on the access, storage, processing, and transmission of data in the cloud.
“We are continuously updating our policies to adapt to the present times. With the amended Cloud First Policy, we are paving the way to an ICT policy environment that is more responsive to current needs, further filling gaps in our country’s digitalization efforts,” DICT secretary Gregorio B. Honasan II said.
Honasan added the recent amendments to the Cloud First Policy are expected to further enable government agencies to more efficiently serve the public. By providing clearer directions on policy coverage, data classification, and data security, as well as data sovereignty, residency, and ownership, he said government agencies can now implement cloud-based services that are at par with global standards.
“The shift to a truly digital government is much more pressing today. As a member of IATF-MEID and lead agency in promoting the National ICT agenda, the DICT is committed to cover all aspects of this, primarily policies that would enable government digital transformation to ensure that we maximize ICT during this transition to the new normal,” Honasan explained.
Links for the full copy of the Cloud First Policy and its amendments as of 04 June 2020: