Secure by design! LAB³ meets IRAP (protected) status

To provide certainty to our clients all bases are covered with cyber security, LAB³ has attained the world leading IRAP certification at the classification level of ‘protected’.

What’s more it’s not just the way we manage every aspect of our internal environment, including across our office locations and enabling remote work, but our products are secure by design.

In short, our clients can be assured everything LAB³ meets what are amongst the most stringent cyber security standards in the world.

LAB³  is now certified with the big 3 – IRAP, ISO27001, and NZ ISM. Further, in recognition of our deep expertise with security, we are a member of the Microsoft Intelligent Security Association (MISA).

Together these mean LAB³ has the perfect blend of security control measures in place to reduce any level of risk to our clients. Plus we have plans that are available and tested to manage the impact of any interruptions that do occur.

So, what is IRAP and why are Government organisations looking for the tag?

If you are not familiar with the IRAP tag (it is relatively new on the scene), it stands for the Infosec Registered Assessors Program and it is managed by the Australian Cyber Security Centre. The IRAP assessment covers our people, products and services against the requirements of the ACSC Information Security Manual (ISM).

Now, you have probably heard of the Essential 8. If so, a great analogy is to think of IRAP as the Essential 8 on steroids. But instead of 8, there are over 1200+ controls needed to meet the IRAP standards.

Having the IRAP (protected) evaluation builds on LAB³’s ISO27001 Information Security certification (the widely adopted International standard which many organisations aim to comply with across the world). It also means we tick off all the boxes for the New Zealand standard NZ ISM.

In terms of reducing exposure to cyber security threats, IRAP requires significantly more rigorous measures over and above ISO and NZ ISM. With IRAP there are no grey areas, and this makes it a “must have”. It is the evaluation government entities in Australia now look for in engaging technology providers to establish cloud foundations.

LAB³ is the first cloud services provider and Microsoft Partner in Australia to achieve this level of accreditation for both Professional Services and Managed Services.

Indeed, given how difficult IRAP (protected) is to achieve, there are only a handful of other technology providers Australia-wide to also have achieved these certifications.

The threat of a cyber security attack is always on my mind…

These days as a community we expect cloud services to be watertight. And in the event of any breach or incident, this can be presented in the media as negligent or even scandalous. But risks are not inevitable and do not have to hold up your plans to adopt cloud technology.

“Would you prefer to go to bed at night knowing your cyber security responsibility is covered?” This is the question we asked LAB³ CEO Chris Cook when recommending we attain the IRAP evaluation.

It took Chris less than a milli-second to appreciate the value in backing the plan. “Yes!” was his reply. “It will help me and our clients sleep through.”

Having IRAP provides assurance that not only does LAB³ and our solutions align and comply with the some of the best security practices in the world, we also have the official paperwork as proof.

Operating in the public cloud is a worry if you don’t watch your back…

With public cloud there is a concept of shared responsibility for cyber security.

Every host puts an onus on customers to take joint responsibility to manage cyber security. It is not sufficient to assume this will be managed for you.

As a technology provider, LAB³ makes this onus easy. We take on the responsibility for you. With our IRAP compliant end-to-end security solutions and our internal ways of working across our organisation no stone is left unturned.

Our team, internal processes, and technology – everything has been assessed to identify potential holes and this includes people working remotely. With hybrid work models here to stay, this is a crucial gap to cover off.

Plus! The certainty provided through IRAP is continuous and ongoing. To maintain this evaluation, organisations need to meet rigorous 6 monthly reviews.

LAB³ security is 100% transparent and clients maintain total visibility

When providing security solutions for clients all measures taken by LAB³ are visible. Clients retain full access to the metrics associated with both your security posture and technology environment.

LAB³ provides end to end security solutions including an independent 24/7 Security Operations Centre (distinct from and to complement our Managed Services – but run on the same cost-efficient basis). Security measures are also built into every LAB³ solution.

If you would like to learn more about LAB³ security solutions, you might like to >>> discover your locally based SOC <<<