Go to whole of WA Government Search
Home About us Policy Frameworks Information and Communications Technology Cloud Policy

Cloud Policy

Applicable to: This Policy is applicable to all WA health system entities, as defined in this Policy.

Description: The purpose of the Cloud Policy is to provide the requirements for evaluating and selecting cloud services within the WA health system, to ensure the ongoing security and confidentiality of WA health system information. This Policy also provides a basis for staff members to assess risks in aligning operational requirements with cloud services.

This Policy: 

  • defines cloud services options available to the WA health system
  • details mandatory requirements to adequately protect information when cloud services are utilised within the WA health system.

To ascertain the suitability of proposed cloud services, including any potential risks, cloud services have been categorised into three ‘zones’. 
Cloud Zone A: HealthNext (low risk)

  • Contains components of private and public clouds and includes both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments. 
  • The HealthNext Cloud contracts have been established to ensure the ongoing security and redundancy of information availability.

Cloud Zone B: Third Party – Australian-hosted (medium risk)

  • Australian hosted cloud services that sit outside of the HealthNext infrastructure. 

Cloud Zone C: Third Party – Offshore-hosted (high risk)

  • Cloud Zone C services are subject to the privacy and confidentiality laws within the country hosting the cloud service. These laws may be significantly different from those of Australia.

Staff members considering purchasing cloud services should obtain guidance from the Health Support Services Security and Risk Management Team via email infosec@health.wa.gov.au

This Policy is a mandatory requirement for Health Service Providers under the Information and Communications Technology Policy Framework pursuant to section 26(2)(k) of the Health Services Act 2016.

This Policy is a mandatory requirement for the Department of Health pursuant to section 29 of the Public Sector Management Act 1994.

Date of effect: 27 July 2020

Policy Framework

Related documents

Supporting information

wa.gov.au