In order to establish the merits of storing government data with a contracted private sector cloud company, departments should use the Technology Code of Practice principles and follow the government Cloud First policy. Both of these policies provide clear guidelines of the things a department should consider, recognising that there is not one single solution for all departments.
It is the responsibility of each government department to take risk-based decisions about their use of cloud providers for the storage of government data up to “OFFICIAL” level. When considering a commercial provider, departments should take into account the cloud security principles developed by the National Cyber Security Centre (https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles).
Finally, the solution must provide the best value for the taxpayer.