Macquarie Government, part of the Macquarie Telecom Group, announced it has become a member of the Department of Defence’s Defence Industry Security Programme (DISP), certifying the company to contract with Defence. DISP is a membership programme that ensures the Department of Defence acquires goods and services from a security-vetted supply chain. Conditions for membership include certain physical and virtual security accreditations and standards, staff training, and governance.
The membership means Macquarie can now submit for tenders relevant to its government, cloud, telecommunications and data centre services and products, and makes it the first sovereign member to supply this range of services. The government business already works with 42 percent of agencies and personnel.
“From a data perspective alone, Defence has worldwide operations and deals with all levels of data classification,” said Aidan Tudehope, managing director at Macquarie Government. “The ability to provide an all-sovereign range of services, personnel and facilities gives us a unique ability to bring together and secure the entire supply chain, providing a safe harbour for Defence data during increasingly uncertain times.”
Membership requires continuous assessment to ensure the necessary standards are maintained. It also affords Macquarie access to important threat detection information providing world-wide security situational awareness within the intelligence community.
Macquarie believes accreditations like DISP membership are increasingly important as the Australian Signals Directorate’s (ASD) Certified Cloud Services List (CCSL) comes to an end next month and other programmes such as the Information Security Registered Assessors Programme (IRAP) are limited to providing a point-in-time ‘snapshot’ of security validation.
“Many agencies are large enough to have a qualified security team and/or a CISO, but many are not,” added Tudehope. “Without the guiding hand of the CCSL, smaller agencies in particular will become increasingly reliant on independent assessments and validation of cloud service providers to make informed decisions and keep the whole of government secure. There’s a certification gap forming as CCSL ends and we await expansion to IRAP’s existing functions. Agencies need to take into account other accreditations such as DISP to make informed decisions, particularly at a time when they’re so dependent on cloud services and cyber security is high on the national agenda.”