IRAP assessed hosting

IRAP assessed hosting for custom applications

Bring any application as a Docker Compose definition and run it on infrastructure IRAP assessed at the OFFICIAL:Sensitive level — with managed databases, autoscaling, secrets, and Australian data sovereignty.

Your App

  • IRAP Assessed: OFFICIAL:Sensitive
  • Native Deploys: Compose
  • Backup Retention: 30-day
  • Data Sovereignty: AU

Bring your own

If it runs in a container, it runs here

Next.js, Nuxt, Django, Rails, .NET, Java — if you can express it as a Docker Compose definition, you can run it on assessed infrastructure. Pull images from the built-in registry or your own, and let the platform handle scaling, health, and recovery.

  • Deploy from Docker Compose definitions
  • Built-in or external container registries
  • Environment variables and secrets injection
  • Autoscaling with configurable health checks


Application Stack (docker-compose.yml), status: Running

  • web :3000, node:24-alpine, 2 replicas
  • api :8080, go:1.21
  • worker, python:3.12
  • postgres, postgres:16
  • redis, redis:alpine

Volumes: db_data · redis_cache · uploads

What IRAP assessed hosting includes

Your application inherits the same assessed platform controls.

Immutable audit logging

Multi-region audit trails with log file validation capture every administrative action.

  • 7-year (2,555-day) retention
  • Object Lock in COMPLIANCE mode
  • Network flow logs on every VPC

Automated backups

Daily database backups, plus on-demand database and filesystem backups you control.

  • 30-day automated retention
  • Restore to any environment
  • Multi-AZ database option

Australian data sovereignty

Workloads run in Melbourne with Sydney as the secondary region. Data at rest stays in Australia.

  • Melbourne primary region
  • Sydney secondary region
  • Australian owned and operated

Encryption everywhere

Encryption at rest and in transit for every workload, with managed key infrastructure.

  • AES-256 at rest
  • TLS 1.2 minimum in transit
  • HTTPS-only origins

Access control

Strong authentication and least-privilege access for every account and API client.

  • MFA and passkeys
  • SAML single sign-on
  • Role-based access and scoped API tokens

Network security

Defence in depth from the edge to the container.

  • WAF with OWASP paranoia levels
  • DDoS protection and rate limiting
  • Protective DNS and per-tenant isolation

Custom application hosting FAQs

What can I deploy on IRAP assessed infrastructure?

Any application packaged as a Docker Compose definition — server-rendered frameworks, APIs, CMSs, or background workers. Each application can include multiple containers with their own resources and health checks.

Can I use my own container registry?

Yes. Containers can reference images in the built-in registry or an external registry of your choice.

How is my application isolated from other tenants?

Each application runs in its own containers with per-task network interfaces, a dedicated managed database where provisioned, and no cross-tenant data sharing.

Do custom applications get the same compliance controls?

Yes. Audit logging, backups, encryption, access control, and network security are platform controls — every application on QuantGov Cloud inherits them.

Run your application on assessed infrastructure

Bring a Docker Compose definition and inherit the platform's audit logging, backups, and sovereignty.

  • IRAP assessed at OFFICIAL:Sensitive
  • Any Docker Compose app
  • Australian data sovereignty
  • 24/7 P1 support