Adobe Experience Manager Gov Cloud Australia (AEM Gov AU) achieves Australia’s IRAP assessment at PROTECTED level

Global business internet network connection security and digital cyber security background concept

When accessing public services, digital is the preferred channel for 90% of Australian citizens, according to Adobe research. This increasing demand for online government services means agencies need to deliver secure, personalised and accessible digital experiences for a diverse population across multiple channels.

In recognition of the need for Australian government agencies to meet this demand, Adobe Experience Manager Gov Cloud Australia (AEM Gov AU) completed the Infosec Registered Assessors Program (IRAP) assessment at the PROTECTED level in March 2024, an uplift from the OFFICIAL level. This assessment enhances Adobe’s protected cloud offering for Australia and demonstrates our ongoing commitment to help Australian governments at all levels enhance the quality and security of the digital citizen experience.

Citizen experience in Australia is flat

While Australian government agencies are investing to improve digital public services, Adobe’s Global Government Digital Performance and Inclusion (GDPI) Benchmark found that many citizens still find accessing government information challenging.

Of the three dimensions the GDPI Benchmark measured, citizen experience has seen the least improvement in the past year. The experience on mobile devices was behind that of desktops, which, alongside lower mobile page loading speeds, can impact many citizens with mobile-only access to the internet. Of all stages across their online journey, onboarding and the ease of completing forms ranked among the lowest. Scores were higher where departments and agencies had moved to a single digital presence with content organised around citizen needs.

Through this IRAP assessment, Adobe has made it easier for Australian government agencies to adopt technologies that will improve the digital citizen experience.

AEM Gov AU now certified at IRAP PROTECTED level

In Australia, government agencies must adhere to the security requirements outlined in the Information Security Manual (ISM), produced by Australian Signals Directorate (ASD), a cyber security framework that organisations can apply, using their risk management framework, to help protect their information and systems from cyber threats. The IRAP assessment is an ASD initiative to provide high-quality information and communications technology (ICT) security assessment services to the government.

IRAP assessors have evaluated AEM Gov AU against controls up to PROTECTED level security requirements, finding it to be aligned with the control requirements for use among Australian federal, state, and local agencies. This certification assures our customers can use AEM Gov AU when working with the Australian government. It means those Australian government agencies that require PROTECTED level security requirements can now adopt AEM Gov AU and enhance their own digital experiences.

Create secure and high-performing digital experiences

AEM Gov AU is designed to enable government agencies to efficiently plan, launch, optimise, and maintain successful digital experiences, securely managing content across the full lifecycle at an enhanced level of cyber security while reducing costs and lifting reliability. It provides mission-critical cloud management for an agency’s most demanding digital experience delivery needs, with enterprise-class availability, security, and compliance.

AEM Gov AU can be configured to an organisation's needs. It enables scalability and rapid deployment while reducing complexity and cost. It also frees developers from infrastructure and service management tasks, including capacity planning, server and software installation, security vulnerability management, patch management, and monitoring. Burden on the help desk associated with downtime or hardware and software issues is also dramatically reduced.

It offers enterprise-grade physical, network, and data security, including various industry-specific and government regulations such as FedRAMP Moderate, HIPAA-ready, and GLBA-ready, SOC 2, etc in addition to IRAP. For agencies seeking additional security measures, AEM Gov AU also provides WAF and DDoS Protection services to mitigate risks and provide additional measures for attack prevention.

Additionally, Australian government departments and agencies can have peace-of-mind knowing Adobe’s Australian protected cloud offering for AEM is built and operated by a team of Australian citizens who reside in country and possess the appropriate government security clearances.

Adobe’s Common Control Framework

Adobe’s foundation for security processes and compliance controls, Adobe’s Common Control Framework (CCF), provides a baseline for all its security assessments and attestations. With the help of CCF, Adobe has created an in-house IRAP Program to manage the Australian security compliance for Adobe’s IRAP in-scope products, with the aim of scaling Adobe’s IRAP portfolio. It helps Adobe’s in-scope products and services adhere to the robust and evolving requirements of the Australian Government’s ISM. Adobe’s CCF, along with the IRAP Program, was instrumental in attaining this IRAP assessment.

As part of our ongoing efforts to promote security, Adobe has open-sourced its CCF to help other organisations that are mapping out their own controls to help meet industry security and privacy standards. You are invited to download CCF today and adopt it in your organisation.

For more information on Adobe’s compliance regime, and to access the IRAP assessment letter, please refer to the Adobe Trust Center.