DTA keeps data safe and secure with HCF review

Share

As governments use and store massive amounts of data and run thousands of technical systems on different technologies and locations, the Digital Transformation Agency (DTA) has evolved the use of digital through the Hosting Certification Framework (HCF). 

Through the HCF, the DTA has visibility and oversight of where government data is stored to avoid scenarios such as a private data centre business operating without any physical or cyber security controls. 

The HCF also ensures that data service providers are required to comply with a range of physical and cyber security controls, and also provides controls to avoid the costs of moving data and technology solutions to a different provider. 

Check out: Top three data analytics trends for 2023 

A hosting strategy for government 

While the HCF was established in 2021, the DTA began its work on the framework much earlier after it launched the Whole-of-Government Hosting Strategy. This strategy, which provided guidance to those entrusted with government-held data, marked a significant and ongoing change across government. 

The establishment of the strategy led to a decline in the use of onsite facilities to host data. Government agencies increasingly moved their expanding data holdings to offsite data centres. This, in turn, accelerated the growth of data centres and cloud growth in Australia. Today, nearly 300 data centres around the country are capable of hosting government data. 

Under the HCF, providers of data-hosting services are ‘certified’ by the DTA after a stringent assessment to ensure their practices comply with the data-protection, ownership-structure, transparency, privacy and security requirements set by government. The HCF was also incorporated into the Protective Security Policy Framework, making policy requirements clearer by aligning them with other protective security policies.  

Since its release, the HCF has provided safety and security benefits to government by significantly reducing risks associated with hosting data and facilitating more efficient and cost-effective procurement of hosting services across government.  

Check out: The conundrum to becoming a digital-first country 

DTA – continuously improving 

To ensure it keeps pace with emerging threats and changes in technology, the DTA plans to review and reform the HCF this year. While the next iteration will continue to focus on protecting and securing government data, the DTA will also explore new topics. 

These topics will include new ways to accelerate the certification process for providers, how to provide more information for current and potential providers about government requirements, new ways to engage with state and territory governments about leveraging the HCF and include certification of functions such as Software as a Service (SaaS) and Managed Service Providers (MSPs). 

The DTA encourages industry sellers and government buyers to participate in the review by completing the survey on the DTA’s digital consultation platform.