Skip to main content


The problem with the current ATO process is that it is:

  • Confusing: It’s complexity excludes non-technical people from fully understanding its problems. End users struggle to understand compliance and what is required to successfully and securely deliver a government IT system to production.
  • Misleading: It doesn’t necessarily make systems more secure.
  • Reactive: It’s a response to rules and regulations.
  • Manual: A security plan can have 300 to 900 boxes to check, and the end product of the ATO process is a static document .
  • Labor intensive: A security plan can be hundreds of pages.
  • Time-consuming: It takes months/years to get an ATO.
  • Expensive: Hundreds of thousands to millions of dollars for just one ATO.