Back in September, more than 10 million Australians’ personal data was compromised in the Optus Data Breach. The attack, which some experts even dubbed the worst data breach in the history of Australia, dominated the news cycle for weeks, and the messy situation left many in Australia and around the world wondering if their data may be next.
Build your business resiliency plan: Download the Ransomware Readiness Checklist
Beyond causing fear and concerns around data privacy, the hack validated the importance of a third-party assessment of the security postures of any organisation hosting personal data. That is why we are pleased to share that AvePoint completed the stage 2 IRAP assessment and was assessed to the PROTECTED level.
Here’s everything you need to know about our latest certification and what it means for you.
What is an IRAP assessment?
The Information Security Registered Assessor Program, more commonly called IRAP, was developed by ASD (Australian Signals Directorate). It provides an independent review of an organisation’s security against Australian government policies and policies.
Passing the assessment, which is conducted by an independent, endorsed IRAP assessor reviewing more than 1200 controls, certifies the organisation’s products and platforms meet the highest standard of cybersecurity and information security assessments for ICT systems processing or storing government information.
AvePoint and IRAP
AvePoint’s first IRAP assessment was in 2021. We partnered with the Australian Transport Safety Bureau (ATSB) to initiate the assessment to help modernise and further automate the ATSB’s record management.
This year’s assessment, conducted in partnership with Security Centric, assessed AvePoint Online Services (AOS) cloud platform, and its Cloud Backup, Cloud Governance, Policies & Insights and Cloud Records solutions. Together, the products and AvePoint’s services were assessed to the PROTECTED level, the highest level AvePoint can reach as an Independent Software Vendor (ISV).
Achieving this tier in our latest assessment further validates AvePoint’s expertise in helping government organisations identify, capture, and manage data and records while adhering to the highest standards of security and data protection.
Why IRAP authorisation matters
While an IRAP assessment is essential for federal and state agencies, local councils, and other public sector organisations to assess a provider before trusting them with private data, any organisation should care if their vendor is IRAP authorised.
That’s because an IRAP assessment is a formal, rigorous evaluation, reviewing more than just technology, but also people and processes against the requirements of the Information Security Manual (ISM). After a provider undergoes an IRAP assessment, you can confidently leverage their solutions, knowing they went through a thorough process to ensure a secure platform.
Further, because they often hold data of private citizens, public organisations face enhanced scrutiny of their data protection and cloud security controls. As trusted partners of hundreds of public sector organisations in Australia, you should feel assured in AvePoint’s depth of expertise in securely migrating, managing, and protecting sensitive data.
AvePoint Committed to Public Sector Cloud Security
AvePoint has a long-standing commitment to cloud security, both in public and private sectors, and strives to ensure our products offer the utmost security controls. Our latest IRAP assessment reasserts our commitment to and capabilities in protecting sensitive data, but it also confirms we don’t just sell security and privacy products — we practice what we preach.
More than 230 government entities in Australia use AvePoint to migrate, manage and enhance protection of their Microsoft 365 and SharePoint data, and we do not take their trust lightly. As more organisations in Australia and around the world continue to adopt the cloud and conduct their business digitally, we want them to continue to feel confident that their data is safe with us.
I’m thrilled to have yet again achieved this security standard, as well as our other security certifications like ISO 27001, SOC II Type 2, FedRAMP, and CSA STAR. To learn more about AvePoint’s policies and certifications around security, privacy and accessibility, please visit the AvePoint Trust Center: https://www.avepoint.com/company/trust-center.