IRAP (Information Security Registered Assessors Program)
IRAP—the Information Security Registered Assessors Program—provides a framework for assessing the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements, as outlined in the Information Manual (ISM) and Protective Security Policy Framework (PSPF). IRAP was created by the Australian Cyber Security Center (ASCS) which is a part of the Australian Signals Directorate (ASD).
Based on an evaluation from an independent third-party assessor, Google Cloud Platform has received IRAP certification for a subset of services by the ASCS. This certification places Google Cloud on the ASD's Cloud Services List (CCSL), which confirms that our physical, personnel, and information security controls meet ASD requirements.
IRAP certification and publication on the CCSL not only provides a path for our customers to work with the Australian government, it also opens the door for Australian federal, state, and local government agencies to store data and run workloads on GCP.
Government and public sector