QGEA directions and guidance

Managing information in the Cloud

Document type:
Factsheet
Version:
Final v1.0.1
Status:
RepealedNon-mandated
Effective:
November 2018–November 2024
Security classification:
OFFICIAL
Category:
Digital capability

Final | November 2018 | v1.0.0 | OFFICIAL - PUBLIC |QGCIO

Purpose

This factsheet provides guidance to Queensland Government agencies who currently store their information in the cloud, use cloud service providers to collect information or are considering doing so. Its focus is on the information management considerations of outsourced cloud service solutions, which includes elements of information security, records management, contract management, procurement and privacy. Factsheets published by the QGCIO are generally for information only and agencies are not required to comply. They are intended to help agencies understand the appropriate approach to addressing a particular issue or doing a particular task.

This factsheet is not intended to replace specific advice which already exists in these areas, but instead brings together the relevant material required to ensure Queensland Government information stored in the cloud is appropriately and actively managed from creation through to disposal.

Background

The QGCIO Glossary defines Cloud computing as a utility model for gaining access to processing and storage capacity without having to own any hardware. A capacity-on-demand model where you pay someone else for the use of their capacity and you do not necessarily care how or where it is delivered.

In 2014 the QGCIO released the Cloud strategy (currently under review) which states that a cloud-based solution is the preferred option for all future digital and ICT investments. Since that time, there has been increasing adoption of a range of cloud services across Queensland Government, including the ongoing collection and storage of information.

Outsourced cloud services have the potential to lower storage costs, standardise services and deliver flexible and contemporary public services to the citizens of Queensland. However, these benefits can only be achieved by ensuring that any outsourcing risks, including those specifically relating to information management, are identified, monitored and appropriately actioned throughout the term of the outsourced cloud services contract arrangement.

While your agency may outsource information collection or storage to cloud service providers, it retains responsibility for all aspects of information management related to that information.

Last updated:
23 June 2025