Security and compliance critical for government collaboration
“Security and compliance are critical for the success of inter-agency sharing and collaboration,” warns archTIS CEO Daniel Lai. “Meeting the control requirements of the Information Security Manual of ASD is just one aspect of these compliance measures,” he said.
As Australian Government agencies seek ways of collaborating securely on PROTECTED information, it is critical that they are able to set and enforce the terms and conditions under which they share classified information. Under the Protective Security Policy Framework, agencies need to demonstrate that only authorised users can only access data that matches their identity, security clearance, nationality and need-to-know obligations.
Most commercial providers of collaboration solutions are not PSPF compliant ‘out-of-the-box’, which requires them to bolt on bespoke security and compliance elements to meet government security needs. “We have over a decade of experience working in the field of government information management and security, and we know that bolt on solutions are cumbersome and rarely as effective as solutions that are designed to meet these requirements from the ground up,” he said.
Being able to set sharing conditions on the data itself, or to tag the data for specific purposes or handling conditions, would enable the Australian Government to meet not only Australian compliance requirements for the secure management of government information, but would also assist in meeting their international compliance obligations, such as the EU’s new General Data Protection Regulation (GDPR).
GDPR is a strict new set of standards, enforceable from May 25 this year, extends the scope of EU data protection law to all foreign companies processing data of EU residents. It imposes additional restrictions on how companies and agencies protect and manage the personal information of EU citizens. The regulation pushes the onus that data is being handled appropriately to all public and private organisations that hold personal data. With the government moving aggressively towards agreements with large global third party providers, government agencies will need to look carefully at how third party providers meet these requirements.
archTIS specialises in the provision of classified and sensitive information sharing and collaboration products and services. Founded in 2006, the company has since established itself as a leading force in Trusted Information Sharing in the Australian Government, with award winning programs and contracts with Defence, DFAT, Home Affairs and other government agencies. We embed fine-grained access controls and metadata management within our solutions so that security is built into the solution by design, from the ground up. This means our solutions are able to scale the full spectrum of security classification levels and ensure only suitably authorised personnel can gain access to classified information.
More recently, the company is developing a suite of products designed to offer government agencies and private enterprise a high security, collaboration platform. The first product to be released, Kojensi Gov, offers government departments a collaboration solution that incorporates ‘out of the box’ government compliance and security requirements. Kojensi Gov has in-built the PSPF data classification capability and access controls that provide differentiated user access to classified content. Access decisions can be updated and immediately enforced in real-time across the information environment. For more information, visit www.kojensigov.com.