In July 2019, the Australian Signals Directorate (ASD) commissioned an independent review of its Cloud Services Certification Program (CSCP) and Information Security Registered Assessors Program (IRAP).
A key recommendation of the review was for ASD to enhance its support and delivery of IRAP.
In line with this recommendation, ASD has engaged the IRAP community in the development of the new Cloud Security Guidance.
This new guidance, co-designed by government and industry through ASD-led consultative forums, will be released on 27 July 2020.
After its release, ASD will hold further consultative workshops for IRAP assessors to support the transition to the new guidance.
ASD is also in the process of improving the training and assessment of IRAP assessors, and will be commencing updated training for existing IRAP assessors in late 2020. This will deliver greater resources and higher standards, to support the government in maintaining its assurance and risk management activities.
ASD will continue to provide updates to the IRAP community on the enhancement of the program.
This web page and the sections below will be updated with new information and resources as they become available.
What the IRAP program does
IRAP provides the framework to endorse individuals from the private and public sectors to provide cyber security assessment services to Australian governments. Endorsed IRAP assessors can provide an independent assessment of ICT security, suggest mitigations and highlight residual risks. IRAP assessors can provide assessment up to the TOP SECRET level for: