LAB³ Cybersecurity Approach – Part Two: Upholding IRAP To PROTECTED Status
Upholding IRAP To Protected Status For Our Clients
Introduction:
LAB3 is dedicated to ensuring modern and robust cybersecurity protocols across our business. We deploy Microsoft Sentinel and Defender across everything we do, and we are committed to ensuring continuous improvement in the way we deliver services and solutions for our clients.
Significantly, LAB3 is also a leader in developing modern cybersecurity solutions based in the cloud, matching the speed of hackers in today’s cloud world.
LAB3’s stringent approach to cybersecurity is verified both by external authorities through regular rigorous audits, and our leadership with product development is reflected by our membership of the Microsoft Intelligent Security Association (MISA). At any time, our clients and prospective clients can apply to view our security certifications and audited controls through the LAB3 Trust Center.
Expanding on the above, we have written three blogs to more fully explain our modern approach to cybersecurity and as further reassurance of our commitment.
This blog, Part Two, covers our IRAP to PROTECTED status, a tag which Australian government organisations now look for as a must-have in a technology provider. Since we comply with the Australian ISM, we are also aligned with the controls for NZISM.
Our first blog, Part One, covers why LAB3 maintains our ISO 27001 certification. The third blog, Part Three, explains how our unique services and product offerings are secure by design. This includes Bedrock (our scalable Azure landing zone built using automation), Security Insight (which uses automation to deploy and manage Microsoft Sentinel ongoing), and the managed services of our cloud-based Security Operations Centre (where our clients maintain full control and visibility of their IT environment).
Diving into Part Two:
Why IRAP Matters
To provide certainty to our clients that all bases are covered with cybersecurity, LAB3 maintains the world leading IRAP certification at the classification level of ‘PROTECTED’.
Our IRAP status provides assurance for clients that LAB3 meets what are amongst the most stringent cybersecurity standards in the world for handling sensitive or classified government information. IRAP covers the way we manage every aspect of our internal environment, including across our office locations and enabling remote work. Further, IRAP ensures our solution and products are secure by design as well.
Having the IRAP (PROTECTED) evaluation builds on our ISO 27001 certification and means we also tick off all the boxes for the New Zealand standard NZ ISM.
What does IRAP stand for?
If you are not familiar with the IRAP tag, it stands for the Infosec Registered Assessors Program and it is managed by the Australian Cyber Security Centre.
The IRAP assessment covers people, products and services against the requirements of the ACSC Information Security Manual (ISM) for handling sensitive or classified information.
The certainty provided through IRAP is continuous and ongoing. To maintain this evaluation, organisations need to meet rigorous regular reviews including to have updated and introduce new IRAP controls as required
Why Government clients look for the IRAP tag
If you have ever heard of the Essential 8 which Australian Government organisations must comply with, a great analogy is to think of IRAP as the Essential 8 on steroids. But instead of 8 principles, there are over 1200+ controls needed to meet the IRAP standards.
In terms of reducing exposure to cyber security threats, IRAP requires significantly more rigorous measures over and above ISO and NZ ISM. With IRAP there are no grey areas, and this makes it a “must have”. It is the certification that government entities in Australia now look for in engaging technology providers to establish cloud foundations and transform their services.
Is IRAP status difficult to attain?
LAB3 was the first cloud native services provider and Microsoft Partner in Australia to achieve this level of accreditation for both Professional Services and Managed Services (we did so back in 2022).
Indeed, given how difficult IRAP (PROTECTED) is to achieve, there are only a handful of other technology providers Australia-wide to also have achieved this status.
Why IRAP helps alleviate security concerns about cloud adoption
These days our community expects IT environments to be watertight. In the event of any breach or incident, this can be presented in the media as negligent or even scandalous. But risks managed with a modern approach so as not to hold up your plans for transforming your business with cloud technologies.
Our IRAP status provides assurance that not only does LAB3 and our solutions align and comply with the some of the best security practices in the world, we also have the official paperwork as proof.
Operating in the public cloud, there’s a concept of shared responsibility
With public cloud there is a concept of shared responsibility for cybersecurity. Every host puts an onus on customers to take joint responsibility to manage cybersecurity. It is not sufficient to assume this will be 100% managed for you.
As a technology provider, LAB3 makes this onus easy. We take on responsibilities with you. With our IRAP compliant end-to-end security solutions and our internal ways of working across our organisation no stone is left unturned.
Our team, internal processes, and technology – everything has been assessed to identify potential holes and this includes people working remotely. With hybrid work models here to stay, this is a crucial gap to cover off.
LAB3 security is 100% transparent and clients maintain total visibility
As part of our IRAP commitment, when we provide security solutions for clients, all measures taken by LAB3 are visible by our clients. This involves clients retaining full access to the metrics associated with both their security posture and technology environment.
LAB3 provides end-to-end security solutions including an independent 24/7 Security Operations Centre (distinct from and to complement our Managed Services). Security measures are also built into every LAB3 solution.
______________________________________________________________________