Our Australian Government Agency client required an Information Security Registered Assessors Program (IRAP) assessment of their Amazon Web Services (AWS) gateway to gain assurance of the operation of security controls around connectivity of their cloud compute environment. north was engaged to provide IRAP services around the functionality of the gateway, with particular focus on connectivity, separation and control of data.
north was selected as the IRAP service provider on the basis of employing a range of IRAP assessors with various specialty skill sets from which to choose. The IRAP assessor selected by the client delivered a thorough assessment service and impressed the client by providing a detailed report with pragmatic recommendations for managing risk.
north worked with the client to allocate an IRAP assessor with significant skills and experience directly relevant to the assignment. north negotiated with the client to ensure that customer timeframes were met and the various internal and external stakeholders, including service providers, were engaged and information collected and analysed in a timely and efficient manner.
north communicated constantly with the client during the execution of the assessment to ensure that all relevant issues were raised, analysed and captured in the deliverable report, enabling the client security team to provide independent assurance to the executive leadership that the AWS gateway was secured to a level appropriate to its purpose and function.
north further provided advice and assistance to the client In reporting the outcomes of the IRAP assessment to the Australian Signals Directorate and to executive leadership of the client, both of whom had a keen interest in the outcome of the assessment.
north provided assurance to the client as to the security posture of the AWS gateway, including delivering a formal IRAP assessment report, as well as supporting development efforts by providing pragmatic recommendations for further mitigation of security risks.
Providing the client with a choice of IRAP assessors allowed the client to select an assessor with the specific skills and approach needed to meet their requirements. The client was confident of a successful outcome due to a collaborative approach in the allocation of a seasoned and skilled assessor, supported by north’s IRAP team and wider specialist security practice.