Aristotle Metadata announces outcomes of December 2023 IRAP assessment

Aristotle Metadata announces outcomes of December 2023 IRAP assessment

Aristotle Metadata is proud to announce three products have been IRAP assessed on 19 December 2023 against the ISM Protected level controls. A copy of the IRAP assessment is available from

This assessment explored technical, business, physical and cultural controls for securing client data to ensure a consistent and holistic approach to how Aristotle Metadata secures and protects data for the Australian Government sector.

Independent IRAP assessors from Intrinsic Cyber, confirmed Aristotle Metadata’s effective implementation of controls across all 63 sections spanning 22 chapters of the Information Security Manual .

Highlights from the report by Intrinsic Cyber include;

  • Culture and strategic alignment to the business – Aristotle Metadata was found to have a strong security-aware culture, with the strategy and tone set by the Chief Information Security Officer (CISO). Interviewed personnel, from senior management to software developers, demonstrated an awareness and commitment to implementing the Aristotle Metadata’s security principles, and were aware of their individual security responsibilities particular to their position.
  • Identity and access management – Aristotle Cloud had sound controls for authentication, authorisation, and access to the Aristotle Cloud platform. Aristotle Cloud was found to implement a secure administration process which was considered effective for limiting and controlling access to the platform and protecting administrator accounts from compromise.
  • Architecture and web interface – Each Cloud Consumer that uses Aristotle Protected Cloud is provided with a dedicated application instance and supporting resources. Customer portals are internet accessible via secured web interface, presenting a reduced attack service. The Aristotle Protected Cloud, along with AWS addons recommended by Aristotle Metadata for Protected data, is designed to align with the ISM and Australian Federal Government data hosting and sovereignty requirements.

Chief Executive Officer and Chief Information Security Officer Sam Spencer expressed pride in the outcome, emphasising that it signifies not just technical excellence, but a consistent security mindset upheld by the team daily. “This achievement is a testament to the dedication and vigilance of our team. It goes beyond technical expertise, reflecting a genuine commitment to security principles embedded in our daily operations. Our collaboration with Scyne Advisory underscores the strength of our strategic partnerships, ensuring that we continue to raise the bar for government data security.”

The preparation of security documentation received support from Scyne Advisory, contributing expertise in process improvement and documentation to strengthen Aristotle Metadata’s ongoing security commitment. Shad Sears, Cyber Security Partner at Scyne Advisory, commented “We are proud to have supported Aristotle Metadata on their journey of delivering critical services on behalf of government.”

Products assessed under this report were:

This assessment underscores Aristotle Metadata’s enduring commitment to reinforcing the digital, data, and cyber security landscape for the Australian Government. As a testament to our transparency and accountability, the detailed IRAP report is readily accessible to all clients utilising our Aristotle Protected Cloud infrastructure.