A sustained security advisory engagement spanning integrated management system audits, PSPF-aligned risk assessments, and the development of a comprehensive Security Plan — enabling a major Australian data centre campus to achieve government Hosting Certification Framework (HCF) accreditation.
THE CHALLENGE
A leading owner and operator of large-scale, carrier-neutral data centres required a trusted security partner to support its continuous improvement program across a major Sydney campus. The campus hosts two world-class data centres supporting many of the world’s largest telecommunications, cloud, and financial organisations, as well as numerous state and Commonwealth government agencies. As a designated critical infrastructure asset under the SOCI Act, the operator needed to mature its security and compliance frameworks — first by integrating its separate management systems for quality (ISO 9001), environment (ISO 14001), health and safety (OHSAS 18001), and information security (ISO 27001), and subsequently by achieving certification under the Digital Transformation Agency’s Hosting Certification Framework (HCF) to continue hosting sensitive government infrastructure.
OUR APPROACH
Agilient acted as a key security and compliance partner across multiple engagements spanning several years. In the first phase, Agilient’s auditors conducted a detailed internal audit of the operator’s newly developed Integrated Management System (IMS), focusing on documentation review, assessment of changes to the Annex SL high-level structure, and verification of previously closed non-conformities. Building on this relationship, Agilient was re-engaged to deliver the critical Security Risk Assessment (SRA) and Security Plan required for HCF certification. This involved extensive stakeholder consultation, physical site inspections, and a multi-faceted threat assessment analysing risks from organised crime, state-sponsored actors, and insider threats, combined with a detailed Risk Control Effectiveness (RCE) assessment of all existing security controls.
THE OUTCOME
- Delivered a comprehensive SRA and Security Plan providing the critical evidence base for the operator to achieve government Hosting Certification Framework (HCF) accreditation, enabling continued hosting of sensitive Commonwealth and state government data
- Produced strategic recommendations, including the formal establishment of a Protective Security Framework modelled on the PSPF, the creation of a Chief Security Officer role, and enhancements to both physical and cyber security aligned with the Essential Eight
- Equipped the operator with a robust, standards-based, and certifiable security framework providing critical assurance to government and enterprise clients, supporting its SOCI Act obligations as a designated data storage and processing asset