The Digital Transformation Agency (DTA) has added three further providers to its list of certified players to store sensitive data locally.
Added this week is NextDC, which joins recently added Equinix and Fujitsu.
NextDC has its Perth 1 and 2, Sydney 1 and 2, Melbourne 1 and 2, Brisbane 1 and 2, and Canberra 1 facilities classed as certified against the requirements defined in the Hosting Certification Framework.
Equinix Australia has its CA1, SY3, SY4, SY5, SY6, SY7, PE2, and ME4 faciltiies certified, while Fujitsu Australia's Western Sydney and Homebush facilities have been accepted by the DTA.
The DTA is the government's certifying authority for the Hosting Certification Framework.
The framework aims to operationalise the principles outlined in the whole-of-government hosting strategy, and to support the secure management of government systems and data.
"The framework will assist agencies to mitigate against supply chain and data centre ownership risks, and enable them to identify and source appropriate hosting and related services," the DTA claims.
In June, the DTA certified Australian Data Centres, Canberra Data Centres, and Macquarie Telecom's Canberra Campus as the initial three providers to store sensitive government data.
The Australian Signals Directorate (ASD) shuttered the government's cloud certification program in July 2020, after an independent review recommended for the system be reworked. ASD cloud services certifications, and consequently all services listed on the Certified Cloud Services List, became void.
In its place is the Cloud Security Guidance, which aims to guide organisations including government, cloud service providers, and Information Security Registered Assessors Program assessors on how to perform a "comprehensive assessment of a cloud service provider and its cloud services so a risk-informed decision can be made about its suitability to handle an organisation's data".