Macquarie Government, part of the Macquarie Telecom Group, has become a member of the Defence Industry Security Program (DISP), certifying the company to contract with Defence.
DISP is a membership program that ensures Defence acquires goods and services from a security-vetted supply chain. Conditions for membership include certain physical and virtual security accreditations and standards, staff training, and governance.
The membership means Macquarie can now submit for tenders relevant to its government, cloud, telecommunications and data centre services and products, and makes it the first sovereign member to supply this range of services. The Government business already works with 42 per cent of agencies and personnel.
“From a data perspective alone, Defence has worldwide operations and deals with all levels of data classification,” Aidan Tudehope, managing director at Macquarie Government, said.
“The ability to provide an all-sovereign range of services, personnel and facilities gives us a unique ability to bring together and secure the entire supply chain, providing a safe harbour for Defence data during increasingly uncertain times.”
Membership requires continuous assessment to ensure the necessary standards are maintained. It also affords Macquarie access to important threat detection information providing world-wide security situational awareness within the intelligence community.
Macquarie believes accreditations like DISP membership are increasingly important as the Australian Signals Directorate’s (ASD) Certified Cloud Services List (CCSL) comes to an end next month and other programs such as the Information Security Registered Assessors Program (IRAP) are limited to providing a point-in-time ‘snapshot’ of security validation.
“Many agencies are large enough to have a qualified security team and/or a CISO, but many are not,” Tudehope added. “Without the guiding hand of the CCSL, smaller agencies in particular will become increasingly reliant on independent assessments and validation of cloud service providers to make informed decisions and keep the whole of Government secure.
“There’s a certification gap forming as CCSL ends and we await expansion to IRAP’s existing functions. Agencies need to take into account other accreditations such as DISP to make informed decisions, particularly at a time when they’re so dependent on cloud services and cyber security is high on the national agenda.”