IRAP ISM Compliance Services

Many government agencies (State and Federal) and private sector organisations handling Australian Government information are required to comply with the Information Security Manual (ISM).

ICT and Cloud Providers (or to-be Providers) to the Australian Government must comply with the ISM.

Organisations willing to comply to the Australian Government Information Security Standard require the services of an Information Security Registered Assessors Program (IRAP) Assessor.

Privasec's IRAP Assessors hold a Negative Vetting Level 1 clearance.


Organisation who do not fully comply with the ISM may still be able to achieve IRAP certification based on their risk profile, as assessed by the IRAP Assessor, being accepted by the ASD (or Certifying Authority).

Privasec’s IRAP assessment reports have been recognised by the ASD (Australian Signal Directorate) as the gold standard for reporting compliance.


IRAP Assessors undergo a rigorous assessment processes by the IRAP Program and are recognised by the ASD (formerly DSD) as competent to access or develop and implement ICT security systems and relevant security controls for:

  • Gateway /Fedlink /Cross Domain Solution (CDS) audits of all classification levels up to and including TOP SECRET.
  • Network and System reviews at all classification levels up to TOP SECRET.
  • Gatekeeper assessments at all classification levels up to TOP SECRET.


Over the years, Privasec has established a solid relationship with the ASD. We commonly liaise with the ASD on behalf of our clients to:

  • Advise ASD on customers' certification requirements.
  • Discuss assessment report findings, provide details on specific services recommended for certification.
  • Discuss the value these services will bring to the Australian Government.

It's just one more thing we do to make the entire process easier for our customers.

Contact us to discuss and find out more about our services.