Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam
First published: 12 Jun 2019
Last updated: 15 Aug 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.

IRAP

The Australian Signals Directorate (ASD), via the Infosec Registered Assessors Program (IRAP), provides organisations with access to cybersecurity professionals to conduct high-quality, independent security assessment services.

An IRAP security assessment helps organisations understand their system’s security strengths and weaknesses and provides recommendations that can be utilised as part of their organisational security program.

What IRAP does

ASD endorses individuals from the private and public sectors to provide security assessment services with the aim of enhancing the security of broader industry and Australian Government systems and data.

Endorsed IRAP Assessors assist organisations to secure their systems and data by independently assessing their cybersecurity posture, identifying security risks and suggesting mitigation measures.

IRAP Assessors can provide security assessments of SECRET and below for:

What IRAP does not do

IRAP Assessors do not accredit, certify, endorse or register systems on behalf of ASD. The scope of a security assessment will generally not cover all ISM security controls and a completed security assessment does not inherently imply that a system is compliant with the tested security controls. As such, it is integral for customers to read and understand security assessment reports or letters of completion to determine what a system has been tested against and if it meets their cybersecurity requirements.

How to become an IRAP Assessor

IRAP Assessors are ASD-endorsed ICT professionals from across Australia who have the necessary experience and qualifications in ICT security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

IRAP Consumer Guide

An IRAP Assessor will assist you by helping you to understand and implement security controls and recommendations to protect your systems and data.

IRAP Assessors List

ASD's IRAP endorses qualified security professionals to provide information security services.

Who are ASD's training providers?

ASD endorses ICT training providers to develop and facilitate IRAP New Starter Training.

Gateway hardening

This page lists publications on the hardening of gateway services.

Cloud Services

The Cloud Services Certification Program (CSCP) ceased on 2 March 2020.

IRAP resources

IRAP application form

Register to become an endorsed ASD IRAP Assessor.

IRAP assessment feedback form

Provide feedback for a recent IRAP assessment.

IRAP community feedback form

IRAP community members can provide comment on a range of topics about the course.
Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it