Your Compliant Cloud Solution.
Secure Cloud Services matter. Nowhere more than in the health sector, which represents almost a quarter of all data breaches reported to the Australian Information Commissioner1. The Australian Department of Human Services has issued new guidelines for licensed software developers in line with Australian Signals Directorate (ASD) Cloud Computing Security Considerations, which span:
- Maintaining availability and business functionality.
- Protecting data from unauthorised access by the cloud provider’s customers.
- Protecting data from unauthorised access by cloud provider’s employees.
- Handling security incidents.
Importance of Certification & Compliance
Certifications determine if your Cloud provider is in. Or out. Without them, your NOI (Notice of Integration), NOC (Notice of Connection) and e-Health access can end.
Not all Clouds are created equal. And comparing complex Cloud offerings can be challenging. But the solution may be closer than you think. Choosing Macquarie Launch™ Health Cloud ensures you’re protected and compliant.
The ASD recommends that public domain information should be exclusively hosted in Australia. Macquarie Cloud Services use their own sovereign data centres in Sydney and Canberra to deliver deeply interconnected multi-zone, multi-location solutions all the way to 100% Service Level Guarantee (SLG) Active-Active designs.
Are you at risk?
Qualifying organisations are already subject to the Australian Privacy Act, and since February, 2018, to new Mandatory Breach Reporting obligations. If you’re engaging with the Department of Human Services and participating in the government e-health programme, then the bar for Cloud security is set even higher. As National Critical Infrastructure (NCI) public and private health systems face 4 elevated security requirements:
- Mandatory. ASD CCSL Certification
- Mandatory. Data Sovereignty. All data must remain onshore within Australian jurisdiction
- Highly Desirable. Physical Separation of server infrastructure
- Highly Desirable. Security Clearances should be limited to citizens holding NV1 clearance
It’s black-and-white simple. Your Cloud Provider is CCSL Certified. Or They’re Not.
Strict definitions apply, so you can objectively determine if your cloud provider(s) are the right fit going forward.
- A provider must be on this list to be eligible to provide selected service to the DHS. As Australia’s public cloud leader, we are certified to handle UD and PROTECTED data. We are also ISO27001 certified – the defined global standard for best-practise data security. You can verify our certifications today along with those for PCI (personal financial data)
- With us, data is only ever stored and backed up in Australian government certified secure data centres in Australia. We deliver end-to-end solutions inside our own Data Centres and are only subject to the laws of Australia
- To provide a 24 x 7 always on service, we employ over 100 Australian engineers and technical staff that maintain Australian Government Security Vetting Agency (AGSVA) NV1 security clearances (or higher) – including our engineers in the Macquarie Hosting Management Centre and Cloud POD teams, over here, not over there
- DHS has assessed that the security risk of public clouds are not acceptable. Community cloud using infrastructure physically dedicated to Australian Government use provides additional assurance. We physically separate the infrastructure dedicated to Australian Government use in our CCSL secure clouds.
- The Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) outline the minimum acceptable standards for government policies, processes and procedures. This is critical, as the Australian Information Commissioner has revealed human errors from either customers or providers are the principal cause of data breaches
Macquarie Cloud Services.
We’re the leading provider of Government Colocation, Hybrid and Private Cloud services, with our own Australian data centres, plus hundreds of people and thousands of solutions. Together, it’s made us Australia’s most-recommended provider².
It all starts with a single coffee. Talk to our team about how our secure Launch™ Secure Health Cloud can deliver compliant Cloud solutions for today, and tomorrow.
1. Office of the Australian Information Commissioner (OAIC), Qtrly Report; https://www.computerweekly.com/news/252439061/Australian-healthcare-services-most-hit-by-data-breaches