IRAP (ISM / PSPF)
Assessing agencies and private organisations’ ability to handle government information in compliance with ACSC’s requirements.
IRAP ISM Compliance
Many government agencies (State and Federal) and private sector organisations handling Australian Government information are required to comply with the Information Security Manual (ISM). ICT and Cloud Providers (or to-be Providers) to the Australian Government must comply with the ISM.
Organisations willing to comply with the Australian Government Information Security Standard require the services of an Information Security Registered Assessors Program (IRAP) Assessor. Organisations that do not fully comply with the ISM may still be able to achieve IRAP certification based on their risk profile, as assessed by the IRAP Assessor, or if accepted by the ASD (or Certifying Authority).
Privasec’s IRAP Assessors hold a Negative Vetting Level 1 clearance.
IRAP Assessors undergo a rigorous assessment processes by the IRAP Program and are recognised by the ACSC as competent to access or develop and implement ICT security systems and relevant security controls for:
- Cloud Security Assessment
- Gateway /Fedlink /Cross Domain Solution (CDS) audits of all classification levels up to and including ‘top secret’ classification.
- Network and System reviews at all classification levels up to ‘top secret’ classification.
- Gatekeeper assessments at all classification levels up to ‘top secret’ classification.
Liaising with ACSC
We commonly liaise with agencies and/or ACSC on behalf of our clients to:
- Advise ACSC on customers’ certification requirements.
- Discuss assessment report findings, provide details on specific services recommended for certification.
- Discuss the value these services will bring to the Australian Government.
All that we do help make the entire process easier for our customers.
Already know what you are after?
Talk to our compliance experts.