Infosec Registered Assessors Program (IRAP)

What Is IRAP?

IRAP stands for Information Security Registered Assessors Program. It is a government-led program in Australia that endorses individuals from the private and public sectors to provide security assessment services to the Australian government.

IRAP Assessors are Australian Signals Directorate (ASD)-certified Information Communications Technology (ICT) professionals who have the necessary experience and qualifications in ICT, security assessment and risk management, and a detailed knowledge of ASD’s Information Security Manual. IRAP ensures entities can access high-quality security assessment services.

What Is An IRAP Assessment?

An IRAP assessment is an independent assessment of the implementation, appropriateness, and effectiveness of a system’s security controls. The assessment is conducted against the Australian government’s security requirements, as outlined in the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF).

The results of an IRAP assessment can help organisations to:

  • Identify and mitigate security risks
  • Improve their security posture
  • Demonstrate compliance with Australian government security requirements
  • Gain confidence in the security of their systems and data

If you are an organisation that handles Australian government data, you may be required to undergo an IRAP assessment.

Identify And Mitigate Security Risks

Demonstrate Compliance With Australian Government Security Requirements

Improve Their Security Posture

Gain Confidence In The Security Of Their Systems And Data

About IRAP Services

Our IRAP Assessors are endorsed by the ASD, who ensure suitably-qualified cyber security professionals can assist in navigating the Information Security Manual (ISM), Protective Security Policy Framework (PSPF) and other Australian Government Guidance. 

We are the most experienced and respected IRAP Assessors in Australia. A large number of Australian and International Organisations have chosen us to be their IRAP partner. 

  • Our Assessors conduct independent IRAP assessments up to the SECRET classification as defined in the Protective Security Policy Framework (PSPF).
  • Demonstrated ability to advise on your organisation’s risk posture regarding the latest control requirements stipulated within the most recent ISM Version.
  • Our Assessors provide ongoing support and assist with continuous improvement in aligning to the most recent ISM Version.
  • Our Assessors support you in improving their cyber security maturity in an evolving threat landscape.
  • Our Assessors inform you on the latest updates and guidance from the Australian Cyber Security Centre (ACSC).

Requirements for IRAP Assessors:
Our IRAP Assessors have unique skill sets and have provided guidance for Defence, Federal Government, telecommunications, multi-national entities or other organisations looking to do business in Australia, and various cloud service providers. Assessors must meet the stringent prerequisites required to be an IRAP Assessor.

These include:

  • Extensive ISM experience
  • NV1 clearance or above
  • Industry recognised certifications

How Do Our IRAP Assessors Assists And Guide?

Our IRAP Assessors assist in securing your systems and data by independently assessing your cyber security posture, identifying security risks and suggesting mitigation measures. Our Assessors clearly define the scope of work and provide unbiased and independent outcomes for your environment. Upon the completion of an IRAP Assessment, we will provide you with the following:

  • Cloud Controls Matrix (CCM)which details the implementation status of controls from the Information Security Manual.
  • Cloud Security Assessment report.
  • An IRAP Letter of completion.

Our IRAP Assessors do not endorse, accredit, certify, or register systems on behalf of the ASD.

Liaising with ASD
We will commonly liaise with agencies and/or ACSC on behalf of our clients to:

  • Advise ACSC on customers’ certification requirements.
  • Discuss assessment report findings, provide details on specific services recommended for certification.
  • Discuss the value these services will bring to the Australian Government.

All that we do helps make the entire process easier for our customers.

Already know what you are after?

Talk to our compliance experts.

Scroll to Top