Modern government, business and society depend on access to the latest technology to\u00a0operate, compete and progress,\u00a0and\u00a0cloud\u00a0computing\u00a0has long been central to\u00a0maintaining\u00a0that technological advantage.\u00a0The cloud\u00a0is where critical public services and national data are hosted, where innovation is scaled, and where Australia\u2019s digital future is being built.\u00a0<\/p>\n
That level of reliance demands more than capability alone. It requires confidence that cloud platforms can be trusted and relied upon for the country\u2019s most sensitive and regulated workloads. Trust at this level must be\u00a0demonstrated\u00a0through transparency and independent verification, not assumptions or marketing claims.\u00a0<\/p>\n
Today, I am pleased to share that Microsoft has completed its latest\u00a0Information Security Registered Assessors\u00a0Program\u00a0\u00a0(IRAP)\u00a0assessments for Azure, Dynamics\u00a0365\u00a0and Microsoft 365, supporting workloads\u00a0operating\u00a0up to and including the\u00a0\u201cProtected\u201d\u00a0level under the Australian Government Information Security Manual.\u00a0<\/p>\n
These assessments were conducted by Neon Cloud, an ASD endorsed IRAP\u00a0assessor,\u00a0and\u00a0evaluate Microsoft cloud services against the\u00a0Australian\u00a0Government Information Security Manual (ISM)\u00a0and\u00a0ACSC Cloud Assessment and Authorisation Framework,\u00a0alongside guidance from the Protective Security Policy Framework and broader Australian Government requirements.\u00a0<\/p>\n
It is important to\u00a0note\u00a0that IRAP is not a certification, nor is it\u00a0a binary pass or fail exercise. It is a\u00a0risk-based\u00a0framework designed to help organisations make informed decisions about how cloud services can be deployed within their specific security, regulatory and operational context.\u00a0<\/p>\n
Microsoft has been investing in\u00a0independent\u00a0IRAP assessments since 2015 and continues to reassess our cloud platform every\u00a0twenty-four\u00a0months. In an environment where threats, dependencies and geopolitical conditions continue to shift, repeatable independent assurance plays a key role in supporting long term operational resilience. This ongoing cycle reflects a\u00a0long-term\u00a0commitment to transparency, assurance and supporting Australian customers as their security, resilience and\u00a0sovereignty\u00a0requirements continue to evolve.\u00a0<\/p>\n