AvePoint’s IRAP Assessed Solutions Achieve “PROTECTED” Level

Post Date: 03/14/2023
feature image

Back in September, more than 10 million Australians’ personal data was compromised in the Optus Data Breach. The attack, which some experts even dubbed the worst data breach in the history of Australia, dominated the news cycle for weeks, and the messy situation left many in Australia and around the world wondering if their data may be next.  

Build your business resiliency plan: Download the Ransomware Readiness Checklist 

Beyond causing fear and concerns around data privacy, the hack validated the importance of a third-party assessment of the security postures of any organisation hosting personal data. That is why we are pleased to share that AvePoint completed the stage 2 IRAP assessment and was assessed to the PROTECTED level.  

Here’s everything you need to know about our latest certification and what it means for you.  

What is an IRAP assessment? 

The Information Security Registered Assessor Program, more commonly called IRAP,  was developed by  ASD (Australian Signals Directorate). It provides an independent review of an organisation’s security against Australian government policies and policies.  

Passing the assessment, which is conducted by an independent, endorsed IRAP assessor reviewing more than 1200 controls, certifies the organisation’s products and platforms meet the highest standard of cybersecurity and information security assessments for ICT systems processing or storing government information. 

AvePoint and IRAP  

AvePoint’s first IRAP assessment was in 2021. We partnered with the Australian Transport Safety Bureau (ATSB) to initiate the assessment to help modernise and further automate the ATSB’s record management. 

This year’s assessment, conducted in partnership with Security Centric, assessed AvePoint Online Services (AOS) cloud platform, and its Cloud Backup, Cloud Governance, Policies & Insights and Cloud Records solutions. Together, the products and AvePoint’s services were assessed to the PROTECTED level, the highest level AvePoint can reach as an Independent Software Vendor (ISV).

Achieving this tier in our latest assessment further validates AvePoint’s expertise in helping government organisations identify, capture, and manage data and records while adhering to the highest standards of security and data protection.

Why IRAP authorisation matters  

While an IRAP assessment is essential for federal and state agencies, local councils, and other public sector organisations to assess a provider before trusting them with private data, any organisation should care if their vendor is IRAP authorised.  

READ MORE: 3 Must-Know Rules for Stronger Organizational Security 

That’s because an IRAP assessment is a formal, rigorous evaluation, reviewing more than just technology, but also people and processes against the requirements of the Information Security Manual (ISM). After a provider undergoes an IRAP assessment, you can confidently leverage their solutions, knowing they went through a thorough process to ensure a secure platform.  

Further, because they often hold data of private citizens, public organisations face enhanced scrutiny of their data protection and cloud security controls. As trusted partners of hundreds of public sector organisations in Australia, you should feel assured in AvePoint’s depth of expertise in securely migrating, managing, and protecting sensitive data.  

AvePoint Committed to Public Sector Cloud Security  

AvePoint has a long-standing commitment to cloud security, both in public and private sectors, and strives to ensure our products offer the utmost security controls. Our latest IRAP assessment reasserts our commitment to and capabilities in protecting sensitive data, but it also confirms we don’t just sell security and privacy products we practice what we preach.  

More than 230 government entities in Australia use AvePoint to migrate, manage and enhance protection of their Microsoft 365 and SharePoint data, and we do not take their trust lightly. As more organisations in Australia and around the world continue to adopt the cloud and conduct their business digitally, we want them to continue to feel confident that their data is safe with us.  

I’m thrilled to have yet again achieved this security standard, as well as our other security certifications like ISO 27001, SOC II Type 2, FedRAMP, and CSA STAR. To learn more about AvePoint’s policies and certifications around security, privacy and accessibility, please visit the AvePoint Trust Center: https://www.avepoint.com/company/trust-center. 


Stay up to date on the latest articles about what’s new in technology, SaaS Management & Governance, SaaS Backup and Data Management. Subscribe to our blog now.

Jared Seminoff is the Senior Account Executive, Public Sector & Team Lead at AvePoint. He manages AvePoint Australia's Public sector clients, including Defense, Intelligence, Local, State, and Federal Government to achieve secure and compliant information management outcomes. As all levels of Australian Government move to Microsoft 365 and rapidly increase their use of Microsoft Teams, Jared acts as a guide by leveraging his knowledge and experience gained from successfully completing large scale, complex, digital transformation projects in highly secure environments throughout Australian public sector. Jared is actively asked to consult on Microsoft 365 workplace modernization projects throughout ANZ.

View all posts by Jared Seminoff

Subscribe to our blog