The Ministry of IT and Telecommunications has notified the establishment of an Interim Cloud Office under the Pakistan Cloud First Policy.
According to the notification issued by MoITT, the interim cloud office has been established for a period of 6 months. Member IT, Syed Junaid Imam, has been given additional charge of DG Cloud, whereas Director IT, Muhammad Bilal Abbasi, has been given additional charge of Director Cloud Adaption.
Director Legal, Muhammad Ayub, will act as Director of Legal and Procurement, Director Telecom Wireless, Muhammad Jahanzeb Rahim, will act as Director Audits. Senior Manager Infrastructure MoITT, Aalishan Akhtar, has been given the additional charge of Director Infrastructure and Operations. Mudasir Abbasi will act as Joint Director Audits, whereas Muhammad Babar will act as Joint Director Cloud Adaption for the interim setup.
According to the Ministry of IT and Telecommunications, this interim setup has been established for a period of 6 months. After six months, a permanent cloud office will be established in the ministry. The MoITT has written to establish a division for the creation of permanent posts for cloud offices. After the approval from the establishment division, the hiring process will be started for the permanent cloud office.
The Cloud Office established in the Ministry of IT and Telecommunication will be responsible to set ToRs of baseline, intermediate, enhanced, and highest security in line with domestic and international benchmarks.
The Cloud First Policy gives mandates to the Cloud Office to define security baselines, based on domestic and international standards, for different cloud models designated to host different data classes for Public Service Entities.
According to PFCP, Cloud Service Providers and the Public Service Entities must maintain utmost integrity to protect the data and meet the security requirements set forth by the Cloud Office. The failure to satisfy any of the liabilities or obligations shall constitute a breach. Any data breach must be disclosed to the Cloud Office as soon as the breach is discovered.
Cloud Office, as determined in applicable regulations, may seek incident reports and determine appropriate response measures.