IBM Cloud® compliance: IRAP (Australia)
Illustration showing two people standing on platforms, with one person looking at a map display and the other regarding a security shield
What is IRAP?

The Infosec Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) program administered by the Australian Cyber Security Centre (ACSC) to help government agencies verify that appropriate controls are in place for addressing information and communications technology (ICT) security requirements. The IRAP framework is based on the requirements of the Australian Government Information Security Manual (ISM) and provides a process by which a technology provider can demonstrate its compliance with the ISM.

IRAP assessments are required for cloud services procured by Australian federal, state, and local government agencies. As part of the updated IRAP Policy (2020), Cloud Service Providers (CSPs) are required to complete a baseline assessment using an independent third-party certified assessor that covers the CSP fundamentals and service-specific controls. 

IBM position

IBM Cloud infrastructure services maintains an IRAP PROTECTED level assessment that Australian Government clients can leverage to establish a highly secure and compliant environment within IBM Cloud. The IBM Cloud infrastructure PROTECTED assessment included Security Construction and Equipment Committee (SCEC) Zone 3-certified data centers with video surveillance.

The Australian Taxation Office certified IBM Cloud infrastructure services for the processing, storing, and transmitting of Australian Government information classified up to, and including, PROTECTED for the IaaS services detailed within the IRAP assessment scope.

Reports and other documentation

Australian Government clients may request the IBM Cloud Infrastructure IRAP PROTECTED Assessment and Certification Package.

For more information, contact your IBM representative.

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs