The Cloud Computing Consideration Policy (2020) of the Government of the Republic of Trinidad and Tobago

March 2020

View the original document

Strategies and Action Plans

The Cloud Computing Consideration Policy (2020) of the Government of the Republic of Trinidad and Tobago (GoRTT) is a comprehensive framework designed to guide Ministries, Departments, and Agencies (MDAs) in responsibly adopting cloud services. It aligns with Vision 2030 and the National ICT Plan 2018–2022, promoting good governance and service excellence through digital transformation.

The purpose

The policy recognises that cloud computing represents a global paradigm shift from capital-intensive ICT investments to service-based, usage-driven models. It aims to provide clear guidance, ensure the security of government and citizen data, and encourage MDAs to adopt cloud solutions where they provide the best value for money, comply with legislation, and effectively manage risks.

Guiding principles

The policy sets out key principles, including:

  1. Value for money and cost transparency – all cloud services must be procured with a clear understanding of consumption costs.
  2. Agility and scalability – ICT resources should be available on demand, across devices and locations.
  3. Whole-of-Government (WoG) collaboration – shared platforms and interoperable services for efficiency.
  4. Information security – alignment with international standards such as ISO/IEC 27001, 27017, and 27018.
  5. Resilience and business continuity – systems must reduce downtime risks.
  6. Risk-based decision-making – security and privacy risks must be identified and addressed before adoption.

Scope and objectives

The policy applies to all MDAs. Its objectives are to:

  • raise awareness of cloud benefits,
  • provide strategic direction for adoption,
  • establish secure access mechanisms,
  • encourage use of fit-for-purpose cloud applications,
  • eliminate duplication of ICT infrastructure through shared services, and
  • support collaborative initiatives and best-practice exchange.

Hybrid govcloud model

The policy establishes a Government Cloud (GovNeTT NG), delivered through a hybrid model. It combines:

  • Private cloud for sensitive or confidential government data, hosted in approved local data centers.
  • Public cloud for less sensitive workloads, accessed via accredited providers.
  • Software as a Service (SaaS) productivity tools (email, spreadsheets, forms, etc.), owned and controlled by GoRTT.

MDAs are generally required to use GovNeTT NG services, with opt-out provisions only in cases such as national security, legal restrictions, or specialised international/educational arrangements.

Cloud service provider catalogue

An online catalogue of accredited domestic and international Cloud Service Providers (CSPs) will be maintained. This ensures transparency in pricing, compliance with GoRTT cloud standards, and guarantees that all contracts are subject to Trinidad and Tobago’s jurisdiction.

Essential considerations

The policy highlights several critical issues for cloud adoption:

  1. Human capital – skilled staff for cloud architecture, security, and operations.
  2. Security – mandatory compliance with ISO/IEC standards and use of encryption.
  3. Data classification – four tiers (Unrestricted, Official Sensitive, Confidential/PII, Strictly Confidential). Each tier determines a suitable cloud deployment (public or private).
  4. Legislative compliance – alignment with the Data Protection Act, Electronic Transactions Act, FOIA, and Computer Misuse Act.
  5. Data ownership – GoRTT retains full rights over all data stored in the cloud.
  6. Funding – recognition of the shift from capital expenditure (PSIP) to recurrent operating budgets.
  7. Procurement compliance – adherence to the Public Procurement and Disposal of Public Property Act, with Total Cost of Ownership assessments.
  8. Contracts – standardised terms to ensure data ownership and exit provisions.
  9. Interoperability – based on e-GIF and e-GOTS frameworks to prevent vendor lock-in.

Migration methodology

The policy provides a three-step migration framework:

  1. Situational analysis – assess current ICT environment, risks, and potential benefits.
  2. Provision – create migration roadmap, project team, and milestones.
  3. Manage and monitor – test systems, monitor performance, ensure contractual compliance, and prepare for disaster recovery and exit strategies.

Benefits and outcomes

Appendices highlight benefits such as:

  • cost efficiency and reduced duplication,
  • scalability and agility,
  • stronger disaster recovery and business continuity,
  • faster deployment of digital public services,
  • improved budget control through utility-based billing models.

Governance and review

The policy mandates annual reviews to incorporate implementation feedback, quantify cost savings, and evaluate improvements in public service delivery. MDAs are encouraged to share best practices, case studies, and lessons learned to foster a collaborative digital government culture.