EVENTGet 50% off your ticket to MongoDB.local NYC on May 2. Use code Web50! Learn more >

Back to Trust Center


Infosec Registered Assessors Program (IRAP)

The Infosec Registered Assessors Program (IRAP) assessment is a comprehensive cybersecurity assessment framework of the security capabilities and controls of cloud service providers, ensuring adherence to the highest security standards in order to assist Australian government agencies and departments in protecting their information and communications technology (ICT) systems from potential cyber threats.

The IRAP assessment has been completed on the MongoDB Atlas platform, across all three major cloud providers (AWS, Microsoft Azure, and Google Cloud), assessing that the appropriate security controls in place for the processing, storing, and transmission of information classified up to, and including, the “PROTECTED” level.

What is IRAP?

Governed and administered by the Australian Cyber Security Centre (ACSC), the Infosec Registered Assessors Program (IRAP) assessment is a comprehensive cybersecurity assessment framework (using the ACSC’s Cloud Security Assessment and Authorisation Framework) of the security capabilities of cloud service providers, ensuring adherence to the highest security standards in order to assist Australian government agencies and organisations in protecting their information and communications technology (ICT) systems from potential cyber threats.

To whom does IRAP apply?

IRAP applies to Australian government agencies and departments across federal, state, and local. Other government agencies outside of Australia, including New Zealand, and other heavily regulated industries, like financial services, also may use IRAP assessments in their risk and compliance assessments.

What MongoDB products and services are in the scope of the assessment?

In the scope of the IRAP assessment that was completed was MongoDB Atlas platform across the following cloud service providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. More details can be obtained from the IRAP Assessment Report and Cloud Controls Matrix.

Who completed the IRAP assessment on MongoDB Atlas?

The IRAP assessment of MongoDB Atlas was undertaken and completed by one of Australia’s independent ACSC-accredited IRAP assessors, CyberCX Pty Ltd.

What class of data has MongoDB Atlas been assessed for?

MongoDB Atlas security controls have been assessed for storing, processing, and communicating information up to and including the ‘PROTECTED’ classification level.

Are there any best practices or guidance on how MongoDB Atlas can be configured for ‘PROTECTED’ information classification level requirements?

With MongoDB Atlas, we aim to take the maximum burden of these requirements so customers can focus on application development and business requirements, and as a result, customers are only responsible for configuring a small subset of the total Information Security Manual (ISM) controls to minimise effort. This whitepaper provides details and technical references demonstrating how you can configure MongoDB Atlas to comply with PROTECTED information classification level requirements.

How can I obtain further details of the MongoDB Atlas IRAP Assessment Report and Cloud Controls Matrix?

Details of this assessment on the MongoDB Atlas security control effectiveness and the ability to meet the security objectives outlined in the ACSC Cloud Security Assessment and Authorisation Framework can be obtained under an NDA by contacting your MongoDB representative or contacting our team below.

Contact our team

Please contact our team if you'd like to receive details of this assessment by selecting "Contact Us" or emailing us at
irap-contact-us@mongodb.com.