New Zealand updates cloud code of practice as ACS looks on

The Institute of IT Professionals NZ has released an updated version of its cloud computing code of practice, dubbed CloudCode.

As Australia begins its consultations on developing a voluntary code of practice for cloud computing, New Zealand has forged ahead and updated its cloud computing code, CloudCode, developed by the Institute of IT Professionals NZ (IITP).

Version 2 (PDF) of the code was released on Wednesday morning, and comes with a number of changes: An overhauled security section, a disputes and complaints procedure, details on how to become a code signatory, and changes to prepare for international adoption of the code.

The code has two key tenets. The first is not calling the offering "cloud computing" unless it actually is. Cloud computing is defined in the code as: "On-demand scalable resources, such as networks, servers, and applications, which are provided as a service, are accessible by the end user and can be rapidly provisioned and released with minimal effort or service provider interaction."

The second tenet is to disclose upfront important details for customers to make informed decisions. Much of the code consists of a disclosure form that provides details on the operations of cloud service providers, such as where data is stored, whether the company has a policy to comply with law enforcement requests, and who owns the intellectual property rights on resources uploaded to the service.

This version of the code also introduces a complaints mechanism for consumers to feel that a CloudCode-registered vendor has breached the code. In such a case, a "CloudCode investigation team" will contact the signatory concerned, and may convene a panel of independent experts, before drafting a report of findings with a proposed resolution. All parties will then have 14 days to respond before a final report is issued, with another 14 days for appeals. Once the appeal process is over, the proposed resolution will be enacted.

"An investigation may take anywhere from a day to several months, depending on the nature of the complaint," according to the code.

CloudCode is currently applicable to cloud providers operating in New Zealand, and any New Zealand providers operating overseas.

Australia, which is currently looking at developing its own code of conduct through the Australian Computer Society, has been in consultation with the IITP.

"A number of countries have expressed significant interest in adopting the CloudCode, and consultation began last week in Australia," said the IITP in a statement.

"IITP has been in discussions with representatives of the Australian federal government, and is working with our Australian kindred body, the Australian Computer Society (ACS), who are conducting consultation on behalf of their government.

"We're looking forward to continuing to work with our Australian cousins to work through the best option for Australia."

The code was financially supported by a range of organisations, with major contributions being made by Equinox IT, Gen-i, OneNet, Webdrive, Xero, and the IITP itself. Other financial backers were, Google, EOSS Online, InternetNZ, NZRise, and Systems Advisory Services.

CloudCode is released under a Creative Commons Attribution-No Derivative Works 3.0 New Zealand licence.