Regulators face particular issues in connection with the security of data. They collect vast volumes of it, much of which is by its nature confidential. Their own management of the data, including the legal input and decision-making based on it, must have the highest levels of security. Not least, they must set an example to those whom they regulate – if the regulators’ expectation is that organisations will have adequate systems in place, then they must take a lead in establishing and maintaining their own security.
To deal with this, Australian government agencies have set very high standards for security, requiring suppliers to meet the requirements of the Infosec Registered Assessors Program (IRAP). IRAP sets standards for those who provide security assessment services. Someone who has been through the IRAP assessor training Is effectively certified as qualified to determine whether an organisation or its systems provide an adequate level of security for, for example, the gateways and cloud services which an organisation and its users rely on.
Relativity has just completed the IRAP assessment for its cloud offering, RelativityOne. The press release is here.
Georgia Foster, managing director at Relativity, APAC, says that organisations impose on SaaS providers an obligation to “constantly ensure they are still fit for purpose in the face of the rapidly evolving threat landscape”. She adds that completing the IRAP assessment “is another validation point for the robust security posture that impacts every organisation entrusting their data to RelativityOne.”
Amanda Fennell, CSO and CIO at Relativity says “Achieving the IRAP assessment is just another step in ensuring that our customers using RelativityOne are best equipped to tackle the diverse challenges of litigation, investigations and unstructured data requests facing government agencies.”
This matters beyond the confines of one country’s regulatory bodies. While every organisation’s security profile is different, there is enough commonality in the risks for others to take note when a security system meets requirements like the Australian IRAP assessment.