DGplex is proud to announce the successful completion of an Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED level — a significant milestone that reinforces our commitment to supporting Australian Government agencies with the highest standards of sovereign cybersecurity.
This achievement enables Australian Government agencies that require PROTECTED level controls to access our platform — TONK — with full confidence that appropriate security measures are independently validated against the requirements of the Australian Government Information Security Manual (ISM).
What is IRAP?
The Information Security Registered Assessors Program (IRAP) is administered by the Australian Cyber Security Centre (ACSC) and enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the ISM.
An independent IRAP assessor examined DGplex's controls — including people, processes, and technology — against the full requirements of the ISM. Protecting Australian Government data from unauthorised access and disclosure is a prime consideration when procuring and leveraging cloud-based security services, and this assessment demonstrates that DGplex meets those obligations.
What This Means for Government Agencies
Australian Government agencies can now engage DGplex's TONK platform — our complete Continuous Threat Exposure Management (CTEM) solution — knowing it has been assessed to handle PROTECTED workloads. The platform encompasses:
- External Attack Surface Management with continuous asset discovery
- AI-driven threat detection with ACSC CTIS intelligence feed integration
- Integrated red team capabilities and AV/EDR-evasive payload testing
- Third party and supply chain risk management
- Dark web and digital risk monitoring
All data processed by TONK remains within Australian borders, hosted on sovereign Australian infrastructure — a non-negotiable requirement for government workloads that many offshore platforms simply cannot meet.
Our Commitment to the Australian Public Sector
DGplex has been a DISP member and ASD Cyber Security Partner since our founding. This IRAP assessment at the PROTECTED level is the natural next step in our journey to serve Australian Government customers at every classification level.
As Australian Government agencies continue transitioning workloads to hybrid cloud environments and face an increasingly complex external attack surface, the need for a trusted, sovereign, and independently assessed security platform has never been greater. TONK was built precisely for this operating environment — where the stakes are high, the adversaries are sophisticated, and data sovereignty is non-negotiable.
We look forward to deepening our partnerships with government agencies and helping them achieve continuous threat exposure management at the highest security standards.
About IRAP
The Information Security Registered Assessors Program (IRAP) enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). An independent IRAP assessor examines controls including people, processes, and technology against the requirements of the ISM.
For more information about IRAP and the ISM, visit the Australian Cyber Security Centre website.