Protect Sensitive Content with Australia’s Cloud Security Gold Standard
Australian government organizations and their suppliers depend on independent IRAP compliance assessors to certify top levels of security and compliance in cloud-hosted systems. The Kiteworks platform as a service (PaaS) offering was IRAP assessed on 10 February 2022 against PROTECTED level controls. Kiteworks’ industry-leading hardening and security controls can now benefit federal, state, and local Australian agencies as well as any company in the world conducting business with Australian federal and state agencies.
Protect Sensitive Content With Maximum Security
Security | IRAP Compliance
- Application and data 100% hosted within Australia
- Separate AWS virtual private cloud (VPC) for all processing
- Dedicated server, isolated from all other customers on Amazon Cloud
- Customer controls the encryption keys so only they can access the files
- Comprehensive reporting and audit trails
Rely on Kiteworks’ Proven Defense in Depth
Hardening | IRAP Compliance
- Customer-configurable policy and security controls and integrations
- Hardened virtual appliance with WAF and network firewalls
- Zero-trust principles in communications between internal services
- Automated alerting and intrusion detection
- Comprehensive, unified logging for rapid event response
Maximize Uptime and Protection With Premium Support
Premium Support | IRAP Compliance
- Tightened SLA and priority case handling
- 24/7 system monitoring
- Named service representatives
- Patching and update services
Do More With IRAP
Additional Benefits | IRAP Compliance
- Compliant with GDPR, SOC 2, SSAE-16, and many other regulations
- Demonstrates to customers that security is a top priority
- A best practice in securing and sharing sensitive information
- A distinct competitive advantage for commercial businesses
Frequently Asked Questions
The Information Security Registered Assessors Program (IRAP) attests to the ability of private and public organizations to meet cybersecurity requirements in Australia. IRAP assessors help businesses doing work for the Australian government by independently assessing their cybersecurity posture. They identify risks and suggest mitigation measures. This helps ensure that those businesses have the right security policies and controls in place to meet Australian Government Information Security Manual (ISM) requirements.
IRAP compliance is important because it ensures that organizations doing business in Australia are taking the necessary steps to protect sensitive data and prevent cyberattacks. IRAP compliance helps organizations demonstrate their commitment to information security, which is critical for protecting sensitive content like customer data as well as building trust with customers and partners.
Organizations that provide services to the Australian government or store sensitive data belonging to Australian citizens need to comply with the Information Security Registered Assessors Program (IRAP). This includes businesses that handle credit card information, privatepatient information, financial or tax records, or intellectual property. Government agencies, critical infrastructure providers, and high-risk professions such as legal and accounting firms are among those that must comply with IRAP.
Organizations can achieve IRAP compliance by working with a registered assessor to undergo an assessment of their information security posture. The assessment will evaluate an organization’s compliance with the Australian Government Information Security Manual (ISM), as well as other relevant security standards and regulations. If the assessor deems the organization compliant with the ISM, the organization is recognized for achieving a specific levelof assessment, e.g., “assessed to PROTECTED level.”
Yes. IRAP in fact is often considered to be a more rigorous and comprehensive standard than other information security regulations, such as the Australian Privacy Principles or the PaymentCard Industry Data Security Standard (PCI DSS). As a result, compliance with IRAP can be used to demonstrate compliance with other regulations that may be less comprehensive or stringent. However, it is important to note that each regulatory body may have its own specific requirements and standards for compliance, so organizations should consult with their legal and compliance teams to ensure that they are meeting all necessary requirements.