A managed service provider supporting over 50 customers was facing a familiar challenge: growing demand for Essential Eight assessments, but no scalable way to deliver them consistently. Artefakt was engaged to change that. Our consultant designed a structured methodology supported by automation that reduced assessment effort by approximately 50%, while improving quality and tailoring reporting […]
A federal government agency required an IRAP assessment for a hybrid ICT environment incorporating Microsoft Azure, Microsoft 365, on-premise infrastructure, and a managed service provider’s platforms. In addition to assessing an in-flight build, the client requested a three-week pause midway through the engagement to facilitate remediations. To maintain the timeline commitments, Artefakt scaled the team […]
A global SaaS recruitment platform used by 75% of Australian federal government engaged Artefakt for an IRAP assessment. The environment spanned AWS and Azure, with integrations across HR systems, APIs, identity platforms, and third-party providers. A four-week mid-engagement pause compressed the delivery window while government departments awaited the final report for their own authorisation decisions. […]
Supply chain contracts are one of the most consequential opportunities an organisation has to shape its security posture across the extended enterprise. The value of well-constructed security obligations lies in shaping supplier behaviour throughout the engagement, long before an incident tests them. The first in our GRC series, this short paper examines the principles and […]
More than ever, the IRAP assessment and report is a commercial prerequisite for suppliers entering Australian government and critical-infrastructure markets. As government buyers increase their scrutiny of IRAP reports, depth and quality are shaping buyer confidence and market access. Our discussion paper examines the commercial value of engaging with the IRAP program as a supplier, and […]
Although IRAP and Essential Eight assessments aren’t yet formal mandates for the private sector, their steady rise signals an emerging standard for Australian cybersecurity practices. As someone who’s spent many years working with information security frameworks, I keep an eye on the subtle but meaningful shifts in our industry. Recently, one observation has stood out: […]