To fully realise the benefits of cloud computing, Microsoft recognises that we must do everything possible to provide our customers with the confidence that their data is secure, protected and handled with the utmost care. At Microsoft, we base our approach on decades of experience, a strong commitment to security, privacy, and transparency, and adherence to leading industry practices.
As we head towards general availability of the Microsoft Azure Australia Geo, I’m pleased to announce that Microsoft Azure has achieved a key milestone in the form of a successful Industry Security Registered Assessors Program (IRAP) compliance assessment of Australian Government security requirements*.
Microsoft Azure is the first and only public cloud service to provide this level of security assurance in Australia.
The IRAP assessment provides assurance for public sector customers (and the partners that serve them) that Microsoft has appropriate and effective security controls in place for the processing, storage and transmission of Unclassified Sensitive data within Microsoft Azure. Unclassified Sensitive data represents the majority of federal government, healthcare, education and state government data.
Today we’re publishing the formal Letter of Compliance from Foresight Consulting* – which can be downloaded from the foot of this post – an independent government accredited assessor, that explains the extensive scope of this assurance work, including:
- Core services within Microsoft Azure, including Virtual Machines, Cloud Services, Storage Services, Virtual Network, Azure SQL DB and Azure Active Directory;
- Microsoft Global Foundation Services; and
- Australian based datacentres
All Australian federal, state and local government agencies can benefit from this assessment.
In addition to the IRAP assessment, Microsoft products and services hold key global certifications, including ISO 27001 and SOC2. Earlier this year, European Union data protection authorities also found that Microsoft’s enterprise cloud contracts meet the high standards of EU privacy law – the toughest in the world.
The more trust that we can build in the cloud, the more our customers and partners can draw on its benefits to transform business models, deliver amazing digital experiences and services and ultimately put innovation at the very centre of everything they do.
* The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD, formerly DSD) initiative to provide high quality information and communications technology (ICT) services to government in support of Australia’s security.
The assessment was undertaken as prescribed in the Australian Government Information Security Manual and Protective Security Policy Framework.
Microsoft Australia IRAP Assessment Letter
James Kavanagh, Chief Security Adviser, Microsoft Australia
