IRAP Assessment
Formal security assessment for Australian Government systems. Required for systems that process, store, or communicate Australian Government information. Delivered by ASD-endorsed assessors.
What is IRAP Assessment?
The Information Security Registered Assessors Program (IRAP) provides government and industry with a pool of assessors certified to evaluate security controls against the Information Security Manual (ISM).
IRAP assessments are required for systems seeking to handle Australian Government information at various classification levels. The assessment results in a Security Assessment Report (SAR) used by authorising officers to make risk-based decisions.
Our assessors are endorsed by the Australian Signals Directorate (ASD) and have extensive experience across defence, federal agencies, and critical infrastructure.
+ What is Included
- ✓ Full security control assessment
- ✓ Security Assessment Report (SAR)
- ✓ Risk findings with severity ratings
- ✓ Remediation recommendations
- ✓ Certification recommendation
- ✓ Stakeholder briefings
- What is Not Included
- ✕ Remediation activities
- ✕ Implementation of recommendations
- ✕ Ongoing monitoring or support
- ✕ Policy or procedure authoring
- ✕ Technical implementation
Prerequisites
- • Agreed scope and system boundary
- • Complete system documentation
- • Implemented security controls
- • Technical and business stakeholders
- • Access to evidence and configurations
Deliverables
- • Security Assessment Report (SAR)
- • Risk findings register
- • Certification recommendation
- • Executive summary briefing
- • Remediation guidance