The public sector1 currently faces a significant challenge to enable active citizenship, increase efficiency of service delivery, and facilitate inclusive economic growth and transformation and to do so cost effectively and securely with limited resources. To meet these challenges the National Development Plan envisages an ecosystem of digital networks, services, applications, content, and devices that will connect public administration to the active citizen; promote economic growth, development, and competitiveness; drive the creation of decent work; underpin nation-building and strengthen social cohesion; and support local, national, and regional integration.2
Cloud services will be at the forefront of the government's digital transformation. The cloud can provide cost effective access to unprecedented power to rapidly process and analyze vast quantities of data to produce actionable analysis, insights, and better decision-making. Easily accessible data storage and multiple access and communication channels provide a modern, consistent, and seamless experience for officials as well as the public, facilitating public participation and co-operative governance and inter-departmental collaboration and broadening social inclusion. The cost optimization, data security and potential for open government made possible by cloud services are far superior to manual paper-based processes.
In a highly regulated sector such as the public sector, it is crucial to ensure that any move to the cloud complies with applicable regulation and achieves the obvious benefits without undue risk.
MICROSOFT'S COMMITMENT TO THE SOUTH AFRICA PUBLIC SECTOR
We believe that no cloud services provider has more experience of delivering compliant solutions to the public sector in South Africa than Microsoft. Microsoft is one of the first service providers to actively collaborate with the public sector in South Africa to find ways of optimizing government information and communications technology spend and maximizing the government's return on investment. South Africa's Chief Procurement Officer, Kenneth Brown, and the CEO of SITA, Dr Setumo Mohapi, have acknowledged Microsoft as a strategic partner of the public sector that is willing to provide innovative and unconventional solutions for the public sector's complex and diverse requirements that must be met to achieve our nation's developmental goals.3
Innovative public sector bodies who have already moved to Microsoft's cloud services have reported major successes. The City of Johannesburg piloted a cloud-based consumer engagement application called 'find and fix' that enabled residents to be the City's eyes and ears by reporting road problems such as potholes, faulty traffic lights and damaged manholes. The impact was a reduction in issue resolution times from 32.4 days to less than a day. This changed residents' perceptions of access to service delivery and government efficiency.
The Government Pension Administration Agency's (GPAA) migration to the Microsoft cloud enabled it to go paperless and introduce self service facilities to access data. This enabled the GPAA to address fraud and corruption and build more controls into their processes. It also moved its call centre to the cloud and within three days the new call centre was up and running. The outsourcing of the management of the call centre and the pay-as-you-use model offered by cloud computing has resulted in significant cost savings.
In addition, Microsoft will soon deliver the intelligent Microsoft Cloud for the first time from data centres located in South Africa. The new cloud regions will offer enterprise-grade reliability and performance combined with data residency to help enable the tremendous opportunity for economic growth, and increase access to cloud and internet services for organisations and people across South Africa, and the African continent. This new investment is a recognition of the enormous opportunity for digital transformation in Africa and is a major milestone in the company’s mission to empower every person and every organisation on the planet to achieve more in a safe, secure and legally compliant manner.
Microsoft stands ready to support our public sector customers in South Africa to achieve similar benefits. In addition, our subject-matter experts are available to understand your requirements and provide detailed information on the technical, contractual, regulatory, and practical aspects of any cloud project. This is all part of our commitment to helping our public sector customers smoothly navigate their way to the Microsoft cloud - including Microsoft Azure, Office 365, and Dynamics 365 - with confidence and enjoy the benefits of the digital transformation.
THE REGULATORY ENVIRONMENT
There is presently no uniform regulation for cloud services in South Africa. There are a number of laws that are relevant to any decision to move to cloud services, those that facilitate the use of cloud services and those that place constraints on the manner in which cloud services may be used.
The State Information Technology Agency (SITA) is the government agency responsible for providing centralised information technology, information systems, and related services in a maintained information systems security environment according to approved policy and standards.
National and provincial government departments must procure cloud services through SITA and SITA must certify all services procured by national and provincial government departments for compliance with its standards. Public entities and municipalities may also make use of SITA's services but are not compelled to do so.
SITA has recognized the need for cloud services across government to eliminate the unnecessary duplication of information technology goods and services and leverage economies of scale to provide cost effective services.4 As a result SITA is currently working with Microsoft to leverage the benefits of the cloud, amongst other things.5
Yes, cloud services are permitted. A move to cloud services would facilitate the achievement of a number of government policy objectives and regulatory requirements relating to co-operative governance, public participation and procedural fairness, information security, service delivery, rational decision-making, and administrative efficiency. However, certain processes may need to be followed and certain requirements may need to be met prior to migrating to cloud services.
Microsoft is proud to confirm that it meets regulatory and compliance requirements for use of the cloud in some of the most highly regulated industries across the globe and can help you to achieve compliance with the regulatory and compliance requirements applicable in this sector.
A move to cloud services would require consideration of a number of regulatory regimes.
(i) Public procurement
A public sector body must ensure that when it contracts for information, communication, and technology services it does so in a manner that is fair, equitable, transparent, cost-effective, and competitive.6 This will ordinarily mean that a public sector body cannot contract directly with a supplier but instead must follow a competitive public tender process. National and provincial government departments must procure cloud services through SITA, while municipalities, public entities, and municipal entities may run their own procurement process.7 The procurement process must be evaluated in terms of the preferential procurement points system.8 It may be possible to deviate from a competitive public tender process and approach a supplier directly in circumstances where the procurement is urgent, takes place in emergency circumstances or involves a sole supplier.9 It is also possible in certain circumstances, through transversal contracting, for public sector bodies to opt in to contracts for cloud services procured by other organs of state without having to follow a separate tender process.10 Transversal contracting also allows organs of state to realise financial benefits through economies of scale.
(ii) Access to information, transparency, and public participation
The public sector is required to be accountable, responsive, and open.11 As a result it is obliged to make information publically accessible to allow the public to participate in government processes.
The public has the right of access to records of public sector bodies and the information officer of public sector bodies must consider the request and, where it is granted make the documents available within 30 days of the request being made.12 Public sector bodies may be faced with requests for a significant number of records. Storage of information on the cloud will ensure that all information held by the public body is accessible, searchable, and easy to find with minimal effort to ensure that access to information requests can be addressed timeously.
South Africa is also a founding member and the current chair of the global Open Government Partnership. As signatory to this partnership, the South African Government has committed to making key non-personal public information and data freely available for everyone to use, reuse, and republish as long as certain conditions are met.13
Microsoft's cloud solutions offer significant data storage capacity and multiple access channels to facilitate the achievement of South Africa's commitment to open data.
(iii) Data security
Each government department is required to implement a department-specific information security policy, and the establishment of an information security function and staff to provide for the protection of classified information.14 These policies must be consistent with the Minimum Information Security Standards policy approved by Cabinet. Thus before making a decision to move data to the cloud, a public sector body should consider what types of data will be stored in the cloud, the manner in which the information will be stored (using private cloud infrastructure, including on-premises, or hyperscale cloud infrastructure) and whether the cloud service provider meets the relevant security and other requirements15 for the type of information that will be stored.
In additional all cloud services procured by national and provincial departments must be certified by SITA for compliance with its comprehensive information security environment standards.16 SITA has already certified Microsoft's Office 365 solution, and Microsoft is engaging with SITA to ensure that its other solutions, which meet the highest international standards (as set out more fully in the Recommended Resources below), are also so certified.
(iv) Co-operative governance and interoperability
All spheres of government and all organs of state within each sphere are required to act in accordance with the principles of co-operative government which include co-operating with one another in mutual trust and good faith by informing one another of and consulting one another on matters of common interest and co-ordinating their actions and legislation with one another so as to avoid wasteful duplication and ensure coherent government and effective provision of services.17
The heads of national departments, provincial departments, municipalities, and national or provincial government components will soon be required to acquire and use information technology in a manner that:
- leverages economies of scale
- ensures interoperability of information systems with information systems of other institutions
- eliminates unnecessary duplication of information and communication technologies
- ensures security of information systems18
In addition, they will be required to use information and communication technologies to develop and enhance the delivery of its services, align the use by staff of information and communication technologies to achieve optimal service delivery and promote the access to public services through the use of information and communication technologies.19
All of these obligations can be met cost effectively and comprehensively through the use of cloud services.
In additional all cloud services procured by national and provincial departments must be certified by SITA for compliance with its interoperability standards.20
Under the Protection of Personal Information Act (POPIA), personal information may be transferred out of South Africa as long as the requirements of POPIA are met. POPIA permits the transfer of personal information to a third party who is in a foreign country in specific circumstances, including if the recipient is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection as contemplated in POPIA or with the data subject's consent.
Microsoft holds itself accountable to and is subject to laws of regions in which it maintains data centres, and has binding agreements which, in our view, provide adequate protection. In addition, Microsoft adheres to the EU Model Clauses as well as the EU Privacy Shield and the ISO 27018 Privacy Standard. Microsoft is also committed to ensuring compliance with the EU General Data Protection Regulation (GDPR) which came into force in May 2018.
- 1In this document we use the term public sector to include national government, provincial government, municipalities, public entities, municipal entities and constitutional institutions.
- 2National Development Plan: Our future - Make It Work, 2030 at 190.
- 3National Treasury Media Release entitled 'Office of the Chief Procurement Officer joins forces to reduce costs and enhance efficiency in the public sector' dated 9 December 2016.
- 5National Treasury Media Release entitled 'Office of the Chief Procurement Officer joins forces to reduce costs and enhance efficiency in the public sector' dated 9 December 2016
- 6Section 217 of the Constitution of the Republic of South Africa, 1996
- 7Section 7(4) of the State Information Technology Agency Act, 88 of 1998.
- 8Preferential Procurement Policy Framework Act 5 of 2000
- 9National treasury SCM Instruction Note 3 of 2016/17 entitled "Preventing and Combating Abuse in the Supply Chain Management System".
- 10Regulation 16 of the General Regulations made under the SITA State Information Technology Agency Act, 88 of 1998, Regulation 16A6.5. of the Treasury Regulations made under the Public Finance Management Act, 1 of 1999 and regulation 36 of the Municipal Supply Chain Management Regulations made under the Local Government Municipal Finance Management Act, 56 of 2003.
- 11Section 1(d) of the Constitution of the Republic of South Africa, 1996.
- 12Section 25 of the Promotion of Access to Information Act 2 of 2000.
- 13Paragraph 10.4.4 of the National Integrated ICT Policy White Paper.
- 14The Minimum Information Security Standards, 1996.
- 15Such as requirements arising under the National Archives and Record Service of South Africa Act, 1996.
- 16Section 7(6)(b) of the SITA Act.
- 17Section 41 of the Constitution of the Republic of South Africa, 1996 and sections 5 and 6 of the Intergovernmental Relations Framework Act, 13 of 2005.
- 18Section 14 of the Public Administration Management Act 11 of 2014, which is expected to come into force in 2018.
- 19Section 14 of the Public Administration Management Act 11 of 2014.
- 20Section 7(6)(b) of the SITA Act.
- 21Section 72 of POPIA
WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES
Regulating the Use of Cloud Computing by Financial Institutions
Financial institutions (FIs) are increasingly turning to cloud computing technologies to help them meet their IT needs.LEARN MORE
Microsoft's Views on the Central Bank of Jordan Cloud Computing Guidelines.
Central Bank of Jordan Cloud Guidelines: A Microsoft CommentaryLEARN MORE
Cloud Computing and Data Offshoring for Banks
The Prudential Authority, an entity within the South African Reserve Bank (“SARB”) that works to ensure the safety and soundness of financial institutionsLEARN MORE
A compliance checklist for financial institutions in Nigeria
Microsoft is committed to providing a trusted set of cloud services to financial institutions in Nigeria. This checklist is aimed at financial institutions in Nigeria who want to use Microsoft cloud services.LEARN MORE
Trust In A Rapidly Changing Financial Services Market
Read on to find out how the adoption of cloud and knowledge of cloud regulations can help banks and financial institutions mitigate the disruptive influence of FinTech firms.LEARN MORE
Safe Cloud Principles for the Financial Services Industry
Learn more about the best practices that help financial institutions focus on and navigate through the relevant regulatory issues when moving to the cloud.LEARN MORE
Learn more about how Microsoft's Trusted Cloud can help banks and insurers meet their regulatory responsibilities.LEARN MORE
Financial Services, Banking and Capital Markets
Learn more about how Microsoft's cloud technology can help engage customers, empower employees, and optimise operations in the Financial Services, Banking, and Capital Markets industry.LEARN MORE
Data Sovereignty & the cloud – a Healthcare perspectiveLEARN MORE
Responding to the evolving cyber threat landscape in the healthcare sectorLEARN MORE
Microsoft Cloud for HealthLEARN MORE
Microsoft's Virtual Healthcare Information and Management Systems Society (HIMSS) BoothLEARN MORE
Democratizing AI in HealthLEARN MORE
Data Sovereignty - the Oil and Gas PerspectiveLEARN MORE
Responding to the evolving cyber threat landscape in the oil and gas sectorLEARN MORE
Microsoft Cloud for Oil & Gas and Mining Industry.LEARN MORE
Drill Deeper into Digital.
Accenture and Microsoft 2017 Upstream Oil and Gas Digital Trends Survey.LEARN MORE
Banco Angolano de Investimentos (BAI Group)
Innovative Angolan bank rethinks business with a cloud-first approach Read more…
goeasy improves productivity, increases employee satisfaction with Surface Book and Office 365 Read more…
International banking institution increases growth and market share through digital transformation Read more…
Towards a more secure digitized stock trading venue in Kuwait Read more…
Ecobank Ghana Limited
Microsoft Power BI solution helps boost Ecobank’s business performance Read more…
Digital payments company answers questions about using Azure Blockchain Workbench to help build a more prosperous Africa Read more…
The power of four: African bank embraces digitalization and increases efficiency with time-saving Microsoft Flow, PowerApps, Power BI, and SharePoint Read more…
Internet and mobile apps, move over. The new industry disrupter is bot technology. Nedbank, one of the major Read more…
Diamond Bank Plc
Diamond Bank is one of the 22 financial institutions operating in Nigeria, with a mission Read more…
ABN AMRO BANK
To prepare for its digital transformation, ABN Amro simplified and rationalized its IT Read more…
Kuwait Finance House
Islamic banking pioneer innovates again with digital banking shift Read more…
Société Générale Corporate & Investment Banking
This article is part of a series about customers who've worked closely with Microsoft on Service Fabric Read more…
I Choose Life Africa
Supported by cutting-edge Microsoft solutions, Kenyan nonprofit I Choose Life – Africa (ICL) is helping to grow and scale critical sustainable development initiatives across the country, affecting more than one million lives. Read more…
Kenya Red Cross
With solutions based on Microsoft Azure, Dynamics 365, Office 365, and Power BI, the Kenya Red Cross Society is now better equipped to provide key humanitarian aid. Read more…
James 127 Trust
Powered by Microsoft solutions like Azure, the James 1:27 Trust works to improve the quality and reach of care for some of Africa’s most vulnerable children, while supporting other NGOs across the continent Read more…
Based in South Africa, 2Enable is a leading nationwide digital education solution with roots in the Casterbridge Music Development Academy. Read more…
Human Development Foundation
Pakistan-based nonprofit the Human Development Foundation empowers marginalized communities through social capital development, quality education, healthcare, economic development, and sustainable environment initiatives. Read more…
The Citizens Foundation
By building schools in Pakistan’s impoverished areas and rural communities and providing training for principals and teachers, The Citizens Foundation is building a brighter future for all. Read more…
Lebanese Red Cross
With solutions based on Microsoft Azure, Dynamics 365, Office 365, and Power BI, the Lebanese Red Cross is moving toward real-time monitoring and response. Read more…
Qatar Computing Research Institute (QCRI)
Qatar research institute embraces the power of AI for global impact Read more…
Gauteng Provincial Government (GPG)
Youth unemployment in South Africa is 30 percent. Microsoft Services is helping change that. Read more…
Buffalo City Metropolitan Municipality
South African Eastern Cape residents benefit from digitally transformed services Read more…
Iconic London conference center revolutionizes workplace with Microsoft 365 Read more…
Abu Dhabi Global Market Courts
Pioneering digital transformation in the legal and justice system Read more…
Mobile APP on Azure launches for George. Read more…
Johannesburg Roads Agency
The Johannesburg Roads Agency (JRA) maintains roadways, bridges, and Read more…
Gauteng Provincial Legislature
Gauteng Provincial Legislature (GPL), the legislative arm of one of South Africa’s Read more…
Hollands Kroon has radically reimagined what it means to work in Read more…
University Puerto Rico Humacao
The University of Puerto Rico at Humacao wanted to reduce crime and improve compliance Read more…
Agrimetrics is one of four agritech centres set up using government funding with the Read more…
Business Sweden, an organization that helps Swedish companies to grow their global Read more…
New York’s largest healthcare provider streamlines patient care processes with Microsoft business applications Read more…
With Azure AD B2C, top UK healthcare provider now offers a secure web portal as user-friendly as its facilities Read more…
National Department of Health, South Africa
The South African government’s National Department of Health (NDoH) Read more…
Providence St. Joseph Health
Providence St. Joseph Health is moving beyond the typical Read more…
Varian Medical Systems is a leading radiotherapy company recognized for its advanced treatment Read more…
Medical Teams International, a nonprofit provider of health care and humanitarian aid Read more…
Opened in 2005, Soddo Christian Hospital is a 130-bed, full-service facility serving Wolayita Read more…
Transforming IT to create organizational value requires a change in outlook Read more…
Italian National Institute for Insurance Against Accidents at Work
The National Institute for Insurance Against Accidents at Work (INAIL) in Italy wanted to Read more…
365mc improves the efficiency and safety of Liposuction with data analysis Read more…
Scientific Drilling International
Scientific Drilling International uses Power BI to optimize operations Read more…
Chevron productivity climbs with security-enhancing Microsoft cloud services Read more…
Royal Dutch Shell mining oil gas office365
Employee engagement soars as Shell energizes internal communication with Office 365 Read more…
The global population today is approximately 7.4 billion today, and is projected to Watch video
Shell mining oil as azure databricks
Shell invests in safety with Azure, AI, and machine vision to better protect customers and service champions Read more…
Chevron Customer Video
Chevron Customer Video Watch customer video
Royal Dutch Shell
Shell gives developers freedom to create, reduces IT costs with dev-test solution in the cloud Read more…
BP deploys Microsoft 365 to improve user experience and security Read more…
Royal Dutch Shell
How AI is building better gas stations and transforming Shell’s global energy business Read more…
Qatar’s Oryx Gas-to-Liquids (GTL) runs world-leading industrial Read more…
Seadrill is the leading oil and gas deep-water driller, operating globally Read more…
Naas, Ireland–based Oilfield Solutions (OFS) seeks to be a “powerful partner” Read more…