History of the CloudCode

This page outlines some of the history of the establishment of the CloudCode in New Zealand. This page will be updated as the projects progresses.

This page contains more information on the following milestones:


Early-Mid 2011: Call for a Code of Practice for Cloud Computing

In Early 2011 a number of leaders from the New Zealand cloud and ICT industry began calling for a Code of Practice or similar for Cloud Computing. This included the New Zealand Privacy Commissioner Marie Shroff, Xero CEO Rod Drury, NZ Computer Society (as it was then) CEO Paul Matthews and Cloud commentator Ben Kepes.

These calls were repeated at the inaugural Nethui conference in July 2011, where the idea began to gain traction.


September 2011: Workshop held in Wellington, NZCS to progress

In August 2011, Xero CEO Rod Drury called together a group of representatives from significant Cloud Computing players. This group met in Wellington and discussed the need for a Code of Practice. Organisations represented included Xero, Gen-I, Microsoft, Fronde, Centranum, Cloud Sherpas, Simmonds Stewart, Equinox, Localist, Webb Henderson, NZCS, InternetNZ and others plus observers from the Privacy Commission and Government CIO's office.

What became clear from this workshop was the specific need for a voluntary Code of Practice for Cloud Computing, to help protect the reputation of those providing professional services to acceptable standards as well as help define what good practice should look like in New Zealand.

This group agreed to support the implementation of the NZ Cloud Computing Code of Practice to establish an agreed set of clear minimum and recommended practice guidelines for those operating in the space.

The NZ Computer Society (NZCS, now called the Institute of IT Professionals NZ) was asked to independently facilitate the establishment of what became the CloudCode, funded by industry and on behalf of the ICT community in New Zealand. NZCS/IITP was chosen as it is a fully independent organisation without allegiance to any particular vendor or vendors and has experience in creating Codes of Practice and other related documents.


October 2011: Terms of Reference Agreed

In October 2011 and following broad consultation, the Terms of Reference were agreed for the development of the CloudCode and a Steering Group was established to oversee the project.

A number of Cloud providers and other stakeholders agreed to contribute to the cost of researching and developing the Code of Practice, including Equinox IT, Gen-i, OneNet, Webdrive, Xero, the NZ Computer Society (now the Institute of IT Professionals NZ Inc),, Google, EOSS Online, InternetNZ, NZRise and Systems Advisory Services.

NZCS contracted iServe co-founder Joy Cottle to run the consultation for the establishment of the CloudCode.


January 2012: Structure and Approach Agreed

Following broad consultation including workshops held in Auckland, Wellington, Christchurch and via telepresence SmartMeeting, plus formal submissions and an industry survey, the Structure and Approach for the CloudCode was agreed by consensus of the Cloud community.

It was agreed that the Code of Practice would be voluntary and opt-in, and Disclosure-based rather than prescriptive. This meant that the CloudCode would outline what would be disclosed by those compliant with the Code (later called "Signatories") but would not contain specific requirements, due to the differing nature of users' needs in the Cloud space.

For example, a system providing a cloud storage facility for publicly-accessible brochures would have completely different requirements to a Cloud-based medical records system and the best approach to meet both needs would be to empower potential users with the information necessary to make an informed decision.


March 2012: Draft CloudCode released for Consultation

Following considerable work by a range of experts in 9 working groups facilitated by the NZCS, the first major draft of the CloudCode was released for Consultation. This was almost universally welcomed and considerable feedback was received and incorporated into the draft.


May 2012: Version 1.0 released at 2012 NZ Cloud Computing Summit

Following further feedback from the Cloud industry, Version 1.0 of the CloudCode was released during the keynote presentation at New Zealand's premiere Cloud Computing event, the NZ Cloud Computing Summit.

Version 1.0 contained the disclosures and other surrounding material.


Later 2012: Consultation on Register and Complaints

Following release of Version 1.0 of the Cloudcode, consultation began on the "next steps": who would operate the CloudCode and whether a Register of Compliant Companies (as it was known as then) would be established as well as the complaints process.


Early 2013: Consultation on changes for Version 2.0

In early 2013 the Institute of IT Professionals NZ (as it was now known) undertook broad industry consultation on a range of changes requested by providers and others, ahead of the release of a Register of Signatories.

This included whether the approach to security should be reviewed (and moved to a voluntary disclosure, in line with the rest of the CloudCode) as well as other changes.


July 2013: Consultation begins on Australian adoption

Following ongoing discussions between IITP and Australian government representatives and other parties, the ACS was asked to consult with the Cloud industry in Australia regarding Australian adoption of the CloudCode.


July 2013: CloudCode Version 2.0 Released in NZ

Following extensive analysis of the earlier consultation and in preparation for the release of the Register as well as international adoption, Version 2.0 of the CloudCode was released in July 2013.

Version 2.0 also coincided with the release of the new CloudCode branding and website.


August 2013: Register released at 2013 NZ Cloud Computing Conference

The Institute released the public Register of CloudCode Signatories at the 2013 Cloud Computing Conference in August 2013. This meant Cloud Providers could formally sign up to the CloudCode (previously it was a document that providers could use, but not promote as being compliant with).

Providers who become formal Signatories appear on the public Register, plus have access to the CloudCode Signatory logo and related branding to help differentiate themselves as transparent operators.