How to Write a Distinction-Grade COM7033M Cloud Computing Portfolio

Published: March 05, 2026  |  IT & Cloud Computing

Tackling the COM7033M Cloud Computing Portfolio is no easy feat. At 5,000 words, this postgraduate-level module requires you to seamlessly blend deep technical knowledge (like Cloud APIs and SDLC) with strict legal compliance and business risk management. It is not just about knowing what the cloud is—it is about proving you can manage a secure, enterprise-level cloud migration.

If you are struggling to structure your portfolio or format your York St John Harvard referencing, you are not alone. Here is a breakdown of how to hit the Distinction (70%+) mark across all four sections of the COM7033M assignment.

Part 1: Mastering IaaS, PaaS, SaaS & BIA

For the first 20 marks, you cannot just write generic definitions of Infrastructure, Platform, and Software as a Service. You need to apply them strategically.

• The Distinction Tip: explicitly link the risks back to the service model in your Business Impact Analysis (BIA). For example, highlight that the customer bears the risk of OS-level patching in IaaS, whereas in SaaS, the vendor handles it.

Part 2: Real-World BC/DR Policies

Part 2 requires you to compare and contrast two real-world cloud providers (like AWS, Microsoft Azure, or Google Cloud) regarding their Business Continuity and Disaster Recovery (BC/DR) backups.

• The Distinction Tip: Do not just list their features. Compare their Service Level Agreements (SLAs). Discuss their Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) in real-time failover scenarios.

Part 3: Cloud APIs, SDLC, and Identity Management

This is the most technical section of the COM7033M portfolio. You are evaluated on how software interacts with the cloud and how users are authenticated.

• The Distinction Tip: When discussing Identity Management, focus heavily on Zero Trust Architecture and OAuth 2.0. Explain how integrating IAM (Identity and Access Management) into the Cloud SDLC prevents massive data breaches before code is deployed.

Part 4: Legal Compliance (HIPAA & SOC Reports)

The final 30 marks are heavily weighted toward cybersecurity compliance and risk governance. You must evaluate HIPAA rules, compare SOC 1, SOC 2, and SOC 3 reports, and define risk appetite vs. tolerance.

• The Distinction Tip: Make a clear, boardroom-level distinction between Risk Appetite and Risk Tolerance. Clearly explain that SOC 2 Type II is the gold standard for proving long-term data security to stakeholders.