IRAP assessed hosting

IRAP assessed Craft CMS hosting

Managed hosting for Craft CMS on infrastructure IRAP assessed at the OFFICIAL:Sensitive level. Containers, managed databases, CDN and WAF included — with the audit logging, backups, and sovereignty your agency requires.

Get startedTalk to us
Craft CMS Application docker-compose.yml
Running
Edge: CDN · WAF · DDoS protection
craft :443
nginx + php-fpm
2 replicas
queue
php-cli
cache
redis:alpine
mysql managed
mysql:8.4 · Multi-AZ
30-day backups
Volumes: web · storage · config
Managed database
Health checks
Auto backups
OFFICIAL:​Sensitive
IRAP Assessed
One-Click
Deploy
30-day
Backup Retention
AU
Data Sovereignty

Application hosting

Managed Craft CMS hosting

Deploy Craft CMS from a managed template and run it as a fully dynamic application. Containers are managed with health checks and autoscaling, the database is provisioned for you, and both the public site and the control panel sit behind the CDN and WAF.

  • Managed MySQL with Multi-AZ option
  • Control panel and content editing behind the WAF
  • Autoscaling with configurable health checks
  • Automated backups with on-demand restore to any environment

Explore the Craft CMS integration

Edge Network
90+ locations
L3/L4 Mitigation
Always on
SYN Floods
Protected
UDP Floods
Protected
Amplification
Protected
Global Distribution
35
Americas
28
Europe
22
Asia-Pac
5
Oceania
Automatic Scaling
Attack traffic distributed globally
Active
No config required Included free
Learn more

What IRAP assessed hosting includes

Your Craft CMS site inherits the same assessed platform controls.

Immutable audit logging

Multi-region audit trails with log file validation capture every administrative action.

  • 7-year (2,555-day) retention
  • Object Lock in COMPLIANCE mode
  • Network flow logs on every VPC

Automated backups

Daily database backups, plus on-demand database and filesystem backups you control.

  • 30-day automated retention
  • Restore to any environment
  • Multi-AZ database option

Australian data sovereignty

Workloads run in Melbourne with Sydney as the secondary region. Data at rest stays in Australia.

  • Melbourne primary region
  • Sydney secondary region
  • Australian owned and operated

Encryption everywhere

Encryption at rest and in transit for every workload, with managed key infrastructure.

  • AES-256 at rest
  • TLS 1.2 minimum in transit
  • HTTPS-only origins

Access control

Strong authentication and least-privilege access for every account and API client.

  • MFA and passkeys
  • SAML single sign-on
  • Role-based access and scoped API tokens

Network security

Defence in depth from the edge to the container.

  • WAF with OWASP paranoia levels
  • DDoS protection and rate limiting
  • Protective DNS and per-tenant isolation

IRAP assessed Craft CMS hosting FAQs

Can I run Craft CMS on IRAP assessed infrastructure?

Yes. QuantGov Cloud is IRAP assessed at the OFFICIAL:Sensitive level, and Craft CMS runs as a managed containerised application with a provisioned database, CDN, and WAF. Your site inherits the platform controls covered by the assessment.

How is the Craft control panel protected?

The public site and the control panel both sit behind the WAF, rate limiting, and DDoS protection. Access to the control panel can be further restricted by IP or page rules.

How is my Craft site backed up?

Databases are backed up automatically with 30-day retention, and you can take on-demand database and filesystem backups and restore them to any environment.

Where is my Craft data hosted?

Workloads run in the Melbourne region with Sydney as the secondary region. Data at rest stays in Australia.

Deploy Craft CMS on assessed infrastructure

Managed Craft CMS with the audit logging, backups, and sovereignty your agency requires.

IRAP assessed at OFFICIAL:Sensitive
Managed MySQL database
Australian data sovereignty
24/7 P1 support
Get startedContact sales