AWS Security Blog

New IRAP reports for Australian customers are now available in AWS Artifact

Following our Information Security Registered Assessors Program (IRAP) assessment in December 2019, we are excited to announce that we have additional new IRAP documents now available in AWS Artifact as a result of the recent IRAP assessment at the PROTECTED level that was finished in June 2020. This includes an IRAP compliance report for 33 additional services, plus 1 separate report for AWS Outposts. Also included are 3 features of services that were already assessed in 2019: Amazon EventBridge for Amazon CloudWatch, AWS Transit Gateway for Amazon Virtual Private Cloud (Amazon VPC), and AWS Lake Formation for AWS Glue. The IRAP documentation pack continues to provide the ability to plan, architect, and self-assess Amazon Web Services (AWS) Cloud services in accordance with the Secure Cloud Strategy of the Australian government’s Digital Transformation Agency.

The list of new services includes Amazon Chime and Amazon AppStream 2.0, which are important services for remote working scenarios.

With the additional 34 services in scope of this cycle, we now have a total of 92 services assessed at the PROTECTED level. For the full list of those services, see the AWS Services in Scope page (select the IRAP tab).

The services in scope of this assessment are:

This brings a raft of services and capabilities to our customers for workloads at the PROTECTED level across contact centers, development pipelines, artificial intelligence and machine learning (AI/ML) services, media services, containers, storage, migration and transfer, networking, analytics, security, application integration, video conferencing, and Internet of Things (IoT), and also enables the ability to run AWS infrastructure and services on premises for a consistent hybrid experience using Outposts. All services in scope are available for you now in the Asia Pacific (Sydney) Region.

Because we care deeply about our customers’ needs, we strive to bring more services into the scope of the IRAP PROTECTED level, based on your requirements. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope for coming IRAP assessments.

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, start a new thread on the AWS Artifact forum.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Henry Xu

Henry is an APAC Audit Program Manager in AWS Security Assurance, based in Canberra, Australia. He manages regional compliance programs, including IRAP assessments. With experience across technical and leadership roles in public and private sectors, he is passionate about secure cloud adoption. Outside of AWS, Henry enjoys time with family, and he used to be a professional ballroom dancer.