Commvault attains IRAP certification

Friday, 27 October, 2023

Commvault has announced that its portfolio of SaaS-delivered data protection solutions has achieved Australia’s Infosec Registered Assessor Program (IRAP) certification at PROTECTED level. Administered by the Australian Cyber Security Centre (ACSC), the IRAP framework ensures that technology providers meet the highest security and integrity protocols in line with the Australian Government’s information security standards.

IRAP provides a common framework to certify a solution’s security posture and resiliency from advanced threats. By conducting an in-depth examination of software architecture, design and security protocols, IRAP certification ensures Commvault’s SaaS data protection solutions meet stringent ISM (Information Security Manual) security requirements, and that government agencies and contractors can confidently adopt Commvault solutions. It also further exemplifies Commvault’s commitment to global data security, adding to its current position as the only SaaS data protection portfolio to meet FedRAMP High (In Process) status, with the approved ATO signed by the Department of Treasury on 12 July 2023.

“While IRAP is an Australian-centric security framework, this certification underlines the country’s global commitment to upholding best-in-class security standards, resonating with frameworks like FedRAMP. Achieving IRAP certification is a testament to our mission of providing industry-leading protection of data against ransomware and the evolving cyberthreat landscape,” said Martin Creighan, Vice President for Asia Pacific, Commvault.

With cyberthreats continuing to escalate, private and public sector entities are under increased pressure to bolster their data security and cyber recovery measures. In fact, according to a new Commvault report commissioned in partnership with IDC, both IT and business leaders understand the constant risk and dire consequences of a cyber attack, with 61% of respondents believing that data loss within the next 12 months is “likely” to “highly likely” to occur due to increasingly sophisticated access.¹

Combating these concerns, Australia’s IRAP assessment falls under the Security Legislation Amendment (Critical Infrastructure) Bill, introduced to Parliament in 2020. The amendment has a National Security focus and was put in place to manage risks posed in particular by foreign involvement in Australia’s critical infrastructure, considering that a significant amount of the country’s infrastructure is privately owned.

Commvault’s entire portfolio of SaaS-delivered data protection solutions are IRAP-certified and are built into its commercial offering.

_{1. Goodwin, P. (2023). The cyber-resilient organization: maximum preparedness with bulletproof recovery [White paper]. IDC. https://www.commvault.com/resources/idc-whitepaper-the-cyber-resilient-organization-maximum-preparedness-with-bulletproof-recovery}

Image credit: iStock.com/sefa ozel