What is IRAP (Infosec Registered Assessors Program)

What is IRAP?
IRAP stands for Information Security Registered Assessors Program. It is a government-led program in Australia that endorses individuals from the private and public sectors to provide security assessment services to the Australian government. IRAP assessors are ASD-certified ICT professionals who have the necessary experience and qualifications in ICT, security assessment and risk management, and a detailed knowledge of ASD’s Information Security Manual.
The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.
Sekuro IRAP Services
The Infosec Registered Assessor Program (IRAP) is an initiative by the Australian Signals Directorate (ASD) to provide high quality Information and Communications Technology (ICT) security assessment services to Australian Government and Industry.
Sekuro’s IRAP Assessors are endorsed by the ASD, who ensure suitably-qualified cyber security professionals can assist in navigating the Information Security Manual (ISM), Protective Security Policy Framework (PSPF) and other Australian Government Guidance.
Why choose Sekuro to be your IRAP Assessor?
Sekuro is one of the most experienced and respected IRAP Assessors in Australia. A large number of Australian and International organisations have chosen Sekuro to be their IRAP partner.
- Sekuro Assessors conduct independent IRAP assessments up to the SECRET classification as defined in the Protective Security Policy Framework (PSPF).
- Demonstrated ability to advise on your organisation’s risk posture regarding the latest control requirements stipulated within the most recent ISM Version.
- Sekuro Assessors provide ongoing support and assist with continuous improvement in aligning to the most recent ISM Version.
- Sekuro Assessors support you in improving their cyber security maturity in an evolving threat landscape.
- Our Assessors inform you on the latest updates and guidance from the Australian Cyber Security Centre (ACSC).
The IRAP Assessment will help give local, state, and federal government agencies and organizations the reassurance they need to feel comfortable leveraging the Shibumi platform to support the government’s most critical programs of work,” said Bob Nahmias, Founder and CEO of Shibumi.
Sekuro IRAP Assessors
Sekuro’s IRAP Assessors have unique skill sets and have provided guidance for Defence, Federal Government, telecommunications, multi-national entities or other organisations looking to do business in Australia, and various cloud service providers.
Our Assessors meet the stringent prerequisites required to be an IRAP Assessor.
These include:
- Extensive ISM experience
- NV1 clearance or above
- Industry recognised certifications
How do Sekuro IRAP Assessors Assist and Guide?
Sekuro’s IRAP Assessors assist in securing your systems and data by independently assessing your cyber security posture, identifying security risks and suggesting mitigation measures.
Our Assessors clearly define the scope of work and provide unbiased and independent outcomes for your environment. Upon the completion of an IRAP Assessment, Sekuro will provide you with the following:
- Cloud Security Controls Matrix which details the implementation status of controls from the Information Security Manual.
- Cloud Security Assessment report.
- An IRAP Letter of completion.
Sekuro’s IRAP Assessors do not endorse, accredit, certify, or register systems on behalf of the ASD.
What is an IRAP Assessment?
An IRAP assessment is an independent assessment of the implementation, appropriateness, and effectiveness of a system’s security controls. The assessment is conducted against the Australian government’s security requirements, as outlined in the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF).
The results of an IRAP assessment can help organisations to:
- Identify and mitigate security risks
- Improve their security posture
- Demonstrate compliance with Australian government security requirements
- Gain confidence in the security of their systems and data
If you are an organisation that handles Australian government data, you may be required to undergo an IRAP assessment.
Liaising with ACSC
We commonly liaise with agencies and/or ACSC on behalf of our clients to:
- Advise ACSC on customers’ certification requirements.
- Discuss assessment report findings, provide details on specific services recommended for certification.
- Discuss the value these services will bring to the Australian Government.
All that we do helps make the entire process easier for our customers.