Compliance · Australia

Meet ACSC ISM, Essential Eight and IRAP requirements with images built in Australia.

The Australian Cyber Security Centre (ACSC) publishes the Information Security Manual (ISM) and the Essential Eight maturity model. IRAP is the assessment regime for systems handling Australian Government data, with PROTECTED, SECRET and TOP SECRET classifications.

About the framework

What is Australian ISM, Essential Eight & IRAP?

Australian federal and state government entities, defence industry, critical infrastructure operators under the SOCI Act, and any organisation processing Australian Government information.

Who it applies to

Commonwealth and state government departments, defence primes and subcontractors, critical infrastructure operators (energy, water, telco, finance, transport, data centres), and managed service providers serving the Australian public sector.

Cloudgenics mapping

How we satisfy Australian ISM, Essential Eight & IRAP

Images built and signed in Australia by Cloudgenics Sydney team
Essential Eight Maturity Level 2 and Level 3 implementations
ISM control catalogue mapped to image and platform controls
IRAP-aligned evidence packs for PROTECTED workloads
Sovereign deployment options for SECRET environments

Evidence model

What auditors get on day one.

Mapped control catalogue

Every Australian ISM, Essential Eight & IRAP requirement mapped to the Cloudgenics technical controls that satisfy it, with traceability.

Continuous evidence feed

Telemetry, configuration scans and audit logs streaming into a tamper-evident evidence store with retention aligned to the framework.

Walkthrough kit

Standardised auditor walkthrough materials — diagrams, run-books and policy templates — that fast-track the assessment.