Three more vendors have received the highest certification required to hold sensitive government data, joining the three which have been certified since the scheme came in to force in June.
Equinix Australia, Fujitsu Australia and NEXTDC have each had several of their data centre facilities certified as “Strategic” under the federal government’s Hosting Certification Framework (HCF).
Led by the Digital Transformation Agency (DTA), the HCF began in March, with Australian Data Centres, Canberra Data Centres and Macquarie Telecom gaining accreditation in June.
Only Canberra Data Centres has had all its facilities (six in Canberra and three in Sydney) certified to the Strategic level, and plans to have two more facilities currently under construction begin the accreditation process in the next six months.
There are two levels of certification under the HCF: Certified Assured and the higher Certified Strategic.
At the highest level, which six vendors have now achieved, hosting providers must pass a stringent government inspection of facilities and provide a guarantee they will not change strategic direction, operation or ownership in a way which would “adversely affect”:
- the level of confidence the Australian public has in the Commonwealth;
- the Commonwealth’s interests; and
- the certainty of services delivered to tenants for the life of the current government contract/s
Certified Strategic providers must cover the full transition costs associated with exiting a data centre due to a breach of the contract. They are also required to mitigate supply chain risks by adhering to a formal risk management framework, have key personnel vetted by the government and provide support from “locations that do not pose a threat to the Commonwealth”.
Hosting providers are also required to update the government if these circumstances change in future.
Since June 4, all sensitive and whole-of-government data has been required to be held in a Certified Assured or Certified Strategic data centre, with government agencies required to determine their own hosting needs. This includes all future and “in-flight” projects.
This week, the DTA announced three more hosting providers had achieved the highest Certified Strategic for some of their individual facilities. The facilities certified to that level now include:
- Australian Data Centres
- Canberra Data Centres (H1, H2, H3, H4, F1, F2, EC1, EC2 and EC3)
- Equinix Australia (CA1, SY3, SY4, SY5, SY6, SY7, PE2 and ME4)
- Fujitsu Australia (Western Sydney and Homebush)
- Macquarie Telecom Pty Ltd (IC1, IC2, IC3, IC4 and IC5)
- NEXTDC (Perth 1 and 2, Sydney 1 and 2, Melbourne 1 and 2, Brisbane 1 and 2, and Canberra 1)
Equinix Australia’s managing director Guy Danskine said, “Equinix understands and welcomes the need for clear and transparent whole-of-government outsourcing arrangements in respect of data centre service providers, whilst ensuring Australia remains a competitive, global digital economy.”
“Equinix has many certified, densely connected, highly secure IBX facilities in key metros across Sydney, Canberra, Perth and Melbourne and has been a data centre provider to the Commonwealth and State governments for many years under previous hosting panels.”
Update: Macquarie Telecom Pty Ltd, trading as Macquarie Data Centres has had three more of its facilities Certified Strategic since publication.
Do you know more? Contact James Riley via Email.
None of the 3 new providers comply with the requirements. Why has the Government certified them? Can we get some transparency on this process?