Main
Log in

Conclusion: The Agency Head/CEO is responsible to accredit the ICT system for use at the PROTECTED level. The accreditation process is specific to the services being delivered for the organisation. The Australian Signals Directorate (ASD) certification process is a generic process that assesses the Cloud Service Provider’s (CSP) level of security only.

The Agency Head/CEO remains responsible as the Accreditation Authority (AA) to accredit the security readiness for the services to be delivered for their organisation. In practice the CIO/CISO will lead the accreditation process on behalf of the CEO.

ASD’s role as the Certifying Authority (CA) for PROTECTED Cloud services provides the agency/organisation using the CSP with independent assurance that the services offered meet government Information Security Registered Assessors Program (IRAP) requirements and vulnerability assessment requirements at the PROTECTED level. The certification process provides a consistent approach to the cyber risk assessment of the CSP’s environment only. The PROTECTED Cloud certification does not cover security assessment related to the design and maintenance of the customers’ services and/or software to be run on the PROTECTED Cloud platform.

The adoption of a PROTECTED Cloud solution will still require a regular review of the security posture. ASD will conduct regular reviews of their processes as the certifying authority (CA), and the Agency Head/CEO will be required to regularly review the accreditation of the service as a whole.

Existing Client Login



This Advisory paper is only available to IBRS Advisory clients. To find out more about becoming an IBRS Advisory client complete the attached form and we will be in touch.
Please let us know your name.
Please let us know your email address.
Please enter a valid phone number
Invalid Input

Register to read more...

Related Articles:

"Running IT-as-a-Service Part 38: Successful hybrid Cloud requires multi-provider governance framework" IBRS, 2018-02-01 10:08:33

"Running IT-as-a-Service Part 49: The case for hybrid Cloud migration" IBRS, 2019-02-03 01:26:59

"Should elements of your IT environments and data holdings be classified PROTECTED? Why and what to consider" IBRS, 2019-01-06 22:27:44

"The value proposition for PROTECTED Cloud" IBRS, 2019-02-03 01:32:06

In the News

New cyber security rules reset $8b cloud marketplace - Financial Review - 26 July 2020

Philip Nesci, IBRS adviser and former CIO, has warned that agencies will need to get their information management sorted out to capitalise on the new rules. ‘‘Agencies need to identify their...
Read More...

Australia can build a culture of employee-led innovation - DropEverything - 24 July 2020

IBRS advisor Dr. Joseph Sweeney discusses why it falls to individuals to look at improving their work in a post-COVID world. Dr. Sweeney comments on the need to build a culture of innovation that...
Read More...

Outdated work from home policies bog down Aussie businesses - Computer Reseller News - 6 April 2020

IBRS analyst Dr. Joseph Sweeney provides best practice-advice on working from home in the current pandemic situation. Dr. Joseph Sweeney discusses current working from home policies which are...
Read More...

Centrelink crashes under demand for crisis payments - Australian Financial Review - 23 march 2020

IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with...
Read More...

Inside EY's security work at ANZ - Australian Financial Review - 3 March 2020

"There is more security work to go round than there are resources. So I don't think the market is that crowded. It's important to remember that security is not something you buy and then it's done;...
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap