Main
Log in

Conclusion: The Agency Head/CEO is responsible to accredit the ICT system for use at the PROTECTED level. The accreditation process is specific to the services being delivered for the organisation. The Australian Signals Directorate (ASD) certification process is a generic process that assesses the Cloud Service Provider’s (CSP) level of security only.

The Agency Head/CEO remains responsible as the Accreditation Authority (AA) to accredit the security readiness for the services to be delivered for their organisation. In practice the CIO/CISO will lead the accreditation process on behalf of the CEO.

ASD’s role as the Certifying Authority (CA) for PROTECTED Cloud services provides the agency/organisation using the CSP with independent assurance that the services offered meet government Information Security Registered Assessors Program (IRAP) requirements and vulnerability assessment requirements at the PROTECTED level. The certification process provides a consistent approach to the cyber risk assessment of the CSP’s environment only. The PROTECTED Cloud certification does not cover security assessment related to the design and maintenance of the customers’ services and/or software to be run on the PROTECTED Cloud platform.

The adoption of a PROTECTED Cloud solution will still require a regular review of the security posture. ASD will conduct regular reviews of their processes as the certifying authority (CA), and the Agency Head/CEO will be required to regularly review the accreditation of the service as a whole.

Existing Client Login



This Advisory paper is only available to IBRS Advisory clients. To find out more about becoming an IBRS Advisory client complete the attached form and we will be in touch.
Please let us know your name.
Please let us know your email address.
Please enter a valid phone number
Invalid Input

Register to read more...

Related Articles:

"Running IT-as-a-Service Part 38: Successful hybrid Cloud requires multi-provider governance framework" IBRS, 2018-02-01 10:08:33

"Running IT-as-a-Service Part 49: The case for hybrid Cloud migration" IBRS, 2019-02-03 01:26:59

"Should elements of your IT environments and data holdings be classified PROTECTED? Why and what to consider" IBRS, 2019-01-06 22:27:44

"The value proposition for PROTECTED Cloud" IBRS, 2019-02-03 01:32:06

In the News

Centrelink crashes under demand for crisis payments - Australian Financial Review - 23 march 2020

IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with...
Read More...

Inside EY's security work at ANZ - Australian Financial Review - 3 March 2020

"There is more security work to go round than there are resources. So I don't think the market is that crowded. It's important to remember that security is not something you buy and then it's done;...
Read More...

Google cloud boss looks to AI as it fights Amazon, Microsoft duopoly - Australian Financial Review - 2 March 2020

IBRS analyst Joe Sweeney has been tracking the three major Cloud vendors capabilities in AI and said Google is right to believe it has an edge over AWS and Microsoft when it comes to corpus (the...
Read More...

What should be in Australia’s next cyber security strategy? - Computer Weekly - 10 Feb 2020

Peter Sandilands, an advisor at analyst firm IBRS, called the discussion paper “a pre-judged survey” that is mostly looking for answers. He also questioned if the resulting recommendations would be...
Read More...

How Do You Choose The Best Application Environment For Your Business? - WHICH-50 - 8th October 2019

According to a new IBRS study, spend on enterprise solutions is set to increase in 2019-2020. Both IT and line of business buyers need to consider how they manage procurement of these new solutions...
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap