AWS Security Blog

New Australian IRAP FAQ and Hub Page


Positive news for our Australian customers: we recently launched a compliance hub and FAQ page for Australian government customers and their assessors for the Information Security Registered Assessors Program (IRAP) on implementing the Australian Signals Directorate’s (ASD) Information Security Manual (ISM). The new hub and FAQ address many of the questions that Australian government customers have about using AWS to build ISM-compliant workloads, as well as illustrating how Australian government customers can take advantage of the compliance packages that we have created to support their accreditation efforts.

Based on whitepapers, videos, and online documentation, the page brings together numerous pieces of guidance related to protecting and securing workloads on AWS. It also provides instructions on the requirements to access the IRAP compliance package and its contents, as well as other compliance reports that are available for use.

Our goal for this new Australian hub is for it to support customers looking to leverage the AWS membership on the ASD Certified Cloud Services List (CCSL). For context, this membership is mandatory for the 2015 ISM and beyond for Australian government customers looking to run public cloud-based workloads. AWS’s membership on this list is positive confirmation that the ASD as the Certification Authority has provided AWS certification for running Unclassified DLM workloads using Amazon EC2, Amazon Elastic Block Store (EBS), Amazon S3, Amazon VPC, and AWS Identity and Access Management (IAM) in the Sydney region. This certification shortens the security assessment and certification cycle for Australian agencies looking to accredit their workloads on AWS infrastructure and comes as a result of AWS having completed an independent assessment against the security controls of the ASD ISM by an IRAP assessor late last year.

Please contact us with questions about building solutions compliant with the ASD ISM or meeting your particular compliance or regulatory needs in the cloud.

Author

Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah.