Certification forces departments to use Australian data centres. By David Braue on Jun 15 2021 10:48 AM Print article
Australian government data to remain onshore. Photo: Shutterstock
Government agencies must only store sensitive information in data centres certified under the new Hosting Certification Framework (HCF), with the first providers now accredited in a scheme designed to marginalise China-owned data centre operators.
Australian Data Centres (ADC), Canberra Data Centres (CDC), and Macquarie Telecom (Canberra Campus) are now the only three companies allowed to host Australian government data, after they were certified under the HCF released in March by the Digital Transformation Agency (DTA).
The move is the latest step in a Whole of Government Hosting Strategy that has amongst its key pillars the goal of protecting Australian government data with “robust, risk-based assessments to ensure data sovereignty and supply chain integrity”.
The Digital Transformation Agency has unveiled a regime for certifying data centres and managed services providers that handle federal government data.
The agency will assess providers on two certification levels, Certified Assured Hosting Provider and Certified Strategic Hosting Provider.
Certified Assured Hosting Provider arrangements safeguard against the risks of change of ownership or control through financial penalties or incentives, aimed at minimising transition costs borne by the Commonwealth should a data centre provider alter their profile.
Certified Strategic Hosting Provider, previously named Certified Sovereign Data Centre, represents the highest level of assurance and is only available to providers that allow the government to specify ownership and control conditions.