Your Trusted IRAP Certification Partner
To ensure Australian government compliance, agencies are required to have a valid IRAP assessment report before signing any contract or deed with a provider. Let one of our certified IRAP Assessors perform an IRAP assessment on your ICT product(s) to help you meet these requirements and enhance your security documentation services.
Your Trusted IRAP Certification Partner
Need to have an IRAP assessment?
The Infosec Registered Assessors Program (IRAP), managed by the Australian Signals Directorate (ASD) through the Australian Cyber Security Centre (ACSC), serves as a vital framework for independent security assessments of ICT systems. These assessments are conducted against the standards set forth in the Australian Government Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF), ensuring compliance with Australian government requirements.
It is important to note that IRAP is not a certification or endorsement. While assessors deliver reports on the implementation of security controls, the ASD clearly states that IRAP does not accredit, certify, or register ICT systems. Achieving a positive IRAP assessment—often at the PROTECTED level—demonstrates an organization's readiness to manage sensitive government data, marking it as a significant differentiator for cloud providers, SaaS vendors, and ICT services aiming for Australian public sector contracts.
An IRAP assessment can significantly enhance opportunities for federal and state contracts, as well as critical infrastructure projects. It streamlines agency authorization by offering pre-assessed security controls, thereby minimizing the need for repetitive reviews.
Our IRAP assessors, who are endorsed by the ASD, specialize in conducting independent assessments of Australian government ICT systems. They thoroughly evaluate systems against the ISM and PSPF, identifying security risks while providing recommendations for mitigation. These assessors possess the necessary qualifications and experience in ICT security assessment and risk management, ensuring that systems meet required security standards and risk tolerances, particularly when handling government data.
Key responsibilities of the IRAP assessor include:
- Conducting assessments: They perform comprehensive evaluations of ICT systems by reviewing security documentation services, conducting site visits, and interviewing personnel.
- Defining scope: In collaboration with the organization under assessment, they establish the scope of the evaluation and determine the assets involved.
- Evaluating controls: They critically assess the effectiveness of security controls in place against the ISM standards.
- Reporting findings: They generate an IRAP assessment report along with a control matrix that outlines their findings and recommendations for improvement.
- Risk management: They identify and report on any residual risks once the controls have been evaluated, suggesting effective mitigations.
- Ensuring data protection: They verify that the systems assessed can securely store, process, and communicate information up to classification levels such as PROTECTED.
Next Step:
Contact us to learn more about how we can assist with your Australian government compliance needs.
