Skip to main content

Information Security Registered Assessors Program (IRAP)

The Information Security Registered Assessors Program (IRAP) ensures Commonwealth entities can access high-quality information and communications technology (ICT) assessment services.

What the IRAP program does

IRAP provides the framework to endorse individuals from the private and public sectors to provide cyber security assessment services to Australian governments. Endorsed IRAP assessors can provide an independent assessment of ICT security, suggest mitigations and highlight residual risks. IRAP assessors can provide assessment up to the TOP SECRET level for:

IRAP review

In July 2019, the Australian Signals Directorate (ASD) commissioned an independent review of its Cloud Services Certification Program (CSCP) and Information Security Registered Assessors Program (IRAP). For the public statement on the review outcomes, see Joint ASD-DTA Public Statement on Independent Review of CSCP and IRAP.

In line with review recommendations, ASD will enhance its support and delivery of IRAP. ASD will be accepting applications for new IRAP Assessors and will restart IRAP training sessions.

The boost to the IRAP community will deliver greater resources and higher standards, to support government in maintaining its assurance and risk management activities.

ASD will improve the training and assessment of IRAP assessors to bring a greater consistency of skills within the IRAP community.