Adobe Successfully Completes Australian IRAP Assessment

Organizations are continuously looking to improve digital experiences, while also working to meet compliance security standards and regulations set forth by their governments. In Australia, all government agencies must adhere to the security requirements outlined in the Information Security Manual (ISM), produced by Australian Signals Directorate (ASD), a cyber security framework that organizations can apply, using their risk management framework, to help protect their information and systems from cyber threats. The assessment is conducted under Information Security Registered Assessors Program (IRAP), an ASD initiative to provide high-quality information and communications technology (ICT) security assessment services to the government.

Based on an evaluation from an independent third-party assessor, Adobe has successfully completed its IRAP assessment at the OFFICIAL information classification level for Adobe Experience Manager (AEM) Managed Services. This certification signifies that AEM Managed Services is compliant with the ASD requirements, providing assurance that our customers can use AEM Managed Services in working with the Australian government, while also enabling Australian government agencies to easily adopt AEM Managed Services and enhance their own digital experiences.

Adobe’s foundational framework of security processes and compliance controls, namely Common Controls Framework (CCF), has been the key in achieving and maintaining its IRAP certification. CCF by Adobe is a comprehensive set of simple control requirements, aggregated, correlated and rationalized from the array of industry information security and privacy standards. Adoption of the CCF has helped enable Adobe’s cloud products, services, platforms and operations to achieve compliance with a host of security certifications, standards and regulations like SOC2, ISO/IEC 27001:2013, PCI DSS, FedRAMP and others.

We’ve open sourced our CCF to help other organizations who are mapping out industry security and privacy standards for their organization and invite you to download CCF and adapt it for use in your organization.

Prasant Vadlamudi
Director, Director, Technology Governance, Risk and Compliance (Tech GRC)