These services also are part of the IBM Cloud for Financial Services offering available in Australia. The IRAP assessment was based against the Australian Government’s Information Security Manual (ISM) guidance for 772 controls. IBM had previously achieved IRAP PROTECTED status for a core set of Infrastructure as a Service (IaaS) offerings and IBM’s Cloud Hyper Protect Crypto Service.
The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to government agencies. Administered by the Australian Cyber Security Centre (ACSC), IRAP assessments help government agencies verify that appropriate controls are in place for addressing ICT security requirements detailed in the Australian Government Information Security Manual (ISM) produced by the ASD, which includes the Australian Cyber Security Centre’s Essential Eight controls.
The IaaS Classic services previously completed an IRAP PROTECTED assessment in August 2021 against the April 2021 version of the ISM. The same April 2021 ISM version was used to conduct the review of the additional VPC and PaaS services.
For Government agencies and organisations looking to leverage IRAP PROTECTED compliance, IBM now provides this capability to core IaaS/VPC and PaaS services that are available across IBM Cloud’s Australia Multi-Zone Region Data Centres. These facilities are SCEC Zone 3 certified, and IBM is a Strategic Certified Cloud Provider under the Australian Government’s Hosting Certification Framework. In addition, IBM provides a broad range of certification capabilities, including ISO 27K, CSA STAR, PCI DSS and SOC 1/2/3 across the global MZR/data centre footprint, which includes the three Australian data centres. More information on those compliance capabilities is available on IBM.com.
Organisations looking to mitigate risk will be able to leverage these newly assessed services that are also part of the IBM Cloud for Financial Services, with several additional capabilities that can help reduce risk for Financial Services and Government organisations. For Critical Industries, the IRAP assessment provides substantiation that IBM Cloud meets the Cyber Framework requirements of the Security of Critical Infrastructure (SoCI) Act, with our HCF Certification addressing the broader risk management provisions.
By engaging with IBM as an IRAP PROTECTED cloud services provider, Government agencies can be assured that IBM is actively addressing and maintaining the security guidance requirements detailed in the ISM. This can help organisations accelerate their cloud adoption and transformation journey by addressing the key requirements for regulated workloads. Coupled with IBM’s broad portfolio of cloud services, hybrid cloud and consulting, these IaaS, VPC and PaaS services provide the foundation for a robust set of capabilities that can support sensitive workloads at the IRAP PROTECTED level.