Security

Overview

AUCloud is an Australian owned and operated Sovereign Cloud Service provider that delivers services exclusively to Australian Government, Critical National Industries (CNI) and secure enterprise organisations.

AUCloud’s core tenet is the protection of the confidentiality, integrity and availability of data: both AUCloud’s own and that entrusted to AUCloud by its customers.

AUCloud’s Information Security Management System (ISMS) is based upon a robust security framework of information security governance, policies, plans and procedures that are aligned with the Australian Government’s PSPF and ISM as well as International Standards such as ISO27001. AUCloud’s approach to security is continual assessment for a wide variety of threats and vulnerabilities that, if left unchecked, could compromise information assets or the supporting assets upon which they depend for their security.

AUCloud is IRAP certified to PROTECTED and ISO27001 certified with the scope of certification covering:

  • Development, management, operation and security of the AUCloud portal, information systems and related infrastructure.
  • Management, operation and delivery of sovereign, secure Infrastructure as a Service, Backup as a Service and Disaster Recovery as a Service.

AUCloud’s IRAP certification encompasses all operating environments (Canberra, Sydney, Brisbane and Melbourne), all of which have been designed to meet or exceed PROTECTED level ISM controls.

Community Rules Information Security Policy (CRISP)

To be part of the AUCloud community, customers must agree to abide by AUCloud’s Community Rules Information Security Policy (CRISP), which is signed by the customer’s CIO or CISO prior to commencement. The CRISP is the formal, top-level security document which identifies those aspects of the cloud service that are the responsibility of the AUCloud CISO and those that are within the remit of the data-owning customer’s CIO/CISO.

All AUCloud partners and customers using Sovereign Cloud environments must comply with AUCloud’s Community Rules Information Security Policy (CRISP).

AUCloud’s CRISP dictates the behaviours and practices of the ‘cloud community’. It sets out our responsibilities as well as the responsibilities of our partners/customers to eliminate any operational or process weakness. This delivers both superior security controls for individual partners/customers as well as the highest level of integrity of all our cloud environments.

Users cannot be serviced in AUCloud if they do not explicitly agree to the CRISP. Further, no remote support is enabled for uncleared personnel for any service hosted by AUCloud.

AUCloud’s CRISP ensures all our users benefit from increased security across the whole community.

Essential 8

AUCloud has implemented the Essential Eight Strategies to Mitigate Cyber Intrusions to a minimum of Maturity Level 2. Additional ACSC advice and strategies to mitigate cyber security incidents are implemented using a risk-based approach to the AUCloud security program.

SOC

AUCloud infrastructure and supporting services are monitored by a 24/7 Security Operations Centre (SOC). The SOC provides proactive cyber threat monitoring of AUCloud’s internal networks as well as the perimeter protection of all AUCloud customers.

The Security Operations Centre:

  • monitors, logs and analyses all cyber traffic on a continuous basis
  • provides near real-time cyber monitoring, triage, analysis and incident response
  • enables cyber threat intelligence at scale
  • conducts vulnerability scanning to ensure an enhanced cybersecurity posture