Blog

IBM Expands its IRAP Assessed Cloud Services
By Arnold Simson |
May 15, 2023

IBM has reinforced its commitment to security by completing the Information Security Registered Assessor Program (IRAP) PROTECTED level assessment for IBM’s Cloud VPC and PaaS services (IRAP...

Arnold Simson, Principal Cloud Compliance Leader, IBM Australia

IBM has reinforced its commitment to security by completing the Information Security Registered Assessor Program (IRAP) PROTECTED level assessment for IBM’s Cloud VPC and PaaS services (IRAP Assessment).

This is particularly important for Australian financial institutions as these services are part of IBM Cloud for Financial Services, a cloud-native offering designed specifically for regulated clients in this sector.

Tackling a changing regulatory landscape

This development together with IBM Cloud’s existing Federal Government Hosting Certification Framework (HCF) Strategic Certification can help financial institutions tackle the changing regulatory landscape including requirements of the newly amended Security of Critical Infrastructure Act 2018 (SoCI Act). 

The IRAP Assessment showcases that IBM Cloud meets the cyber framework requirements of the Act and ensures the platform is in line with the latest Australian Government cyber security guidelines. The HCF Strategic Certification addresses the broader risk management requirements of the Act.

The IRAP Assessment Report complements IBM Cloud's existing Financial Services Guide to APRA Regulation (Guide). The Guide provides financial institutions with a comprehensive resource for understanding how the security capabilities of IBM Cloud align with the Australian Prudential Regulation Authority's guidelines.  

The IRAP Assessment Report verifies that IBM Cloud also meets the Australian Cyber Security Centre's Information Security Manual controls, including the Essential Eight controls, ensuring a high level of security for hosted workloads.

How can this benefit my organisation?

By engaging with IBM as an IRAP PROTECTED cloud services provider, government agencies can be assured that IBM is actively addressing and maintaining the security guidance requirements detailed in the Australian Government’s Information Security Manual (ISM).

This coupled with IBM’s broad portfolio of cloud services, hybrid cloud and consulting, these IaaS, VPC and PaaS services provide the foundation for a robust set of capabilities that can support sensitive workloads.

What is IRAP?

The IRAP is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to government agencies.

To learn more and view the services in the IRAP PROTECTED scope go to: https://www.ibm.com/cloud/compliance/irap-australia

Article Categories