A government cloud’s classification is set by the agency that owns the data, based on its business impact level. The provider does not choose it. The system is assessed against the Information Security Manual at the highest classification it will hold: OFFICIAL: Sensitive, PROTECTED or SECRET. Confirm what the agency will store before you scope the IRAP assessment.
Most providers ask which classification they should get IRAP at, as though it were a tier they select. It is not. Getting the government cloud classification right starts with the data the buying agency intends to put on your system, and the damage its compromise would cause.
Who decides the classification, you or the agency?
The agency that owns the information decides. Under the Protective Security Policy Framework the originating agency assigns the classification from the business impact level, the damage that compromise of confidentiality, integrity or availability would cause to the national interest, organisations or individuals. A provider cannot mark someone else’s data. Your job is narrower and more useful: ask the buying agency what it will store, at what classification, before anything is scoped, and get the answer in writing. The classification then drives which ISM controls apply and how the assessment boundary is drawn. Where an agency is unsure, it works back from the damage descriptors: limited damage is OFFICIAL: Sensitive, damage is PROTECTED, serious damage is SECRET. A team’s assumption is not a classification. The owning agency’s decision is.
What do OFFICIAL: Sensitive, PROTECTED and SECRET mean?
They are points on a single scale of harm. The PSPF sets two sensitivity markings, UNOFFICIAL and OFFICIAL, with OFFICIAL: Sensitive above them, then three security classifications: PROTECTED, SECRET and TOP SECRET. The classification reflects the damage if the information were compromised, and it decides who may assess the system.
| Classification | What it covers | Damage if compromised | Who can assess |
|---|---|---|---|
| OFFICIAL: Sensitive | Sensitive information used in routine government business | Limited damage | Own assessors or an IRAP assessor |
| PROTECTED | Information needing a substantial degree of protection | Damage to the national interest | Own assessors or an IRAP assessor |
| SECRET | Highly sensitive information | Serious damage to the national interest | Own assessors or an IRAP assessor |
| TOP SECRET | The most sensitive information | Exceptionally grave damage to the national interest | ASD assessors or their delegates |
For commercial cloud, the working range is OFFICIAL: Sensitive to SECRET. TOP SECRET sits outside the commercial cloud route entirely and inside accredited government environments, so it is not a target a SaaS or cloud provider scopes towards.
How does the classification change your IRAP assessment?
Less than most expect at the lower end, more at the top. The ISM control set is the same at OFFICIAL: Sensitive and PROTECTED. What changes between them is not the controls but the obligations around them: physical security of the facilities, personnel clearances, and network arrangements. The personnel line is the sharpest. For data up to OFFICIAL: Sensitive, a provider’s staff need pre-employment screening aligned to the PSPF; they do not need Australian Government security clearances. At PROTECTED and above, any personnel with physical or logical access to the infrastructure holding the data must hold a current Australian Government security clearance to the level of the data. SECRET adds further physical, personnel and network controls again. Jumping a level is not a paperwork exercise. It changes who is allowed to touch the system.
Should you aim higher than the data needs?
Usually not. Assessing at PROTECTED when your realistic buyers hold OFFICIAL: Sensitive data buys you a broader market and a heavier bill: cleared staff, accredited facilities, tighter network controls and a larger evidence effort. Over-classifying a system is a common and expensive mistake. Match the classification to the data agencies will actually place on the platform, with headroom only where you have real demand for it. The reverse error is worse. Holding PROTECTED data on a system assessed only to OFFICIAL: Sensitive is a breach of the buyer’s obligations, not a stretch. For SaaS and cloud providers, decide on evidence of demand, not ambition.
How do you confirm the classification before scoping?
Ask the agency, in writing, what data it will store and at what classification, and the business impact level behind it. That single answer sets the target classification, which sets the applicable ISM controls, which, together with the boundary, sets the control count and the cost. Do it before the boundary is drawn, not after. The two are decided together: a tight boundary at the right classification keeps the control count and the bill down; a broad one a level higher than the data needs inflates both. Then plan for currency. A cloud service must have been IRAP assessed within the previous 24 months under PSPF requirement 0109, and a material change, including a move to a higher classification, forces a reassessment sooner. Cybernion runs independent IRAP assessments at OFFICIAL: Sensitive, PROTECTED and SECRET, and the complete IRAP guide sets out the full process. Classification is the first scoping decision, not a label you add at the end.
Frequently asked questions
Does the provider choose the classification?
No. The agency that owns the data sets the classification from its business impact level. The provider assesses the system at the highest classification of data the agency will store on it.
Are the ISM controls different at OFFICIAL: Sensitive and PROTECTED?
No. The control set is the same at OFFICIAL: Sensitive and PROTECTED. What changes are the physical security, personnel clearance and network obligations. SECRET adds further controls.
Can a commercial cloud provider be IRAP assessed at TOP SECRET?
No. TOP SECRET systems sit outside the commercial cloud IRAP route and are handled inside accredited government environments. TOP SECRET assessments are undertaken by ASD assessors or their delegates.
How recently must a cloud service have been IRAP assessed?
Within the previous 24 months under PSPF requirement 0109, measured against the latest ISM, and sooner on any material change such as a move to a higher classification.
Written by Gaurav Vikash, an ASD-endorsed IRAP assessor and senior cyber security leader with 18 years of experience across Australia, the UK and Asia, including CISO and senior security leadership roles. He holds CISSP, CISA, CISM and CRISC, is an ISO 27001 and ISO 42001 Lead Implementer, and speaks regularly at industry conferences.
Sources:
- Protective Security Policy Framework, 2024 release
- Security classifications and protective markings, Style Manual, 2026
- Cloud assessment and authorisation, cyber.gov.au, 2024
- IRAP cloud services, cyber.gov.au, 2026
- Information Security Manual, cyber.gov.au, June 2026
Last updated: 21 June, 2026
